.ct.yaml

@@ -1,26 +0,0 @@
-# Copyright 2024 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-remote: origin
-target-branch: main
-
-validate-maintainers: false
-check-version-increment: false
-
-chart-repos:
-  - ingress-nginx=https://kubernetes.github.io/ingress-nginx
-helm-extra-args: --timeout 800s
-
-chart-dirs:
-  - charts

.github/ISSUE_TEMPLATE/bug_report.md

@@ -37,7 +37,7 @@ This questions are the first thing we need to know to understand the context.
 <!-- What do you think went wrong? -->
 
 
-**NGINX Ingress controller version** (exec into the pod and run `/nginx-ingress-controller --version`):
+**NGINX Ingress controller version** (exec into the pod and run nginx-ingress-controller --version.):
 <!--
 POD_NAMESPACE=ingress-nginx
 POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
@@ -60,7 +60,7 @@ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --vers
 
 - **How was the ingress-nginx-controller installed**:
   - If helm was used then please show output of `helm ls -A | grep -i ingress`
-  - If helm was used then please show output of `helm -n <ingresscontrollernamespace> get values <helmreleasename>`
+  - If helm was used then please show output of `helm -n <ingresscontrollernamepspace> get values <helmreleasename>`
   - If helm was not used, then copy/paste the complete precise command used to install the controller, along with the flags and options used
   - if you have more than one instance of the ingress-nginx-controller installed in the same cluster, please provide details for all the instances
 
@@ -71,7 +71,7 @@ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --vers
   - `kubectl -n <ingresscontrollernamespace> describe svc <ingresscontrollerservicename>`
 
 - **Current state of ingress object, if applicable**:
-  - `kubectl -n <appnamespace> get all,ing -o wide`
+  - `kubectl -n <appnnamespace> get all,ing -o wide`
   - `kubectl -n <appnamespace> describe ing <ingressname>`
   - If applicable, then, your complete and exact curl/grpcurl command (redacted if required) and the reponse to the curl/grpcurl command with the -v flag
 

.github/ISSUE_TEMPLATE/cve_report.md

@@ -4,8 +4,8 @@ about: CVE reporting for ingress-nginx
 title: ''
 labels: kind/bug
 assignees:
-    - Gacko
     - strongjz
+    - rikatz
 ---
 
 <!-- if you found something that impacts directly ingress-nginx and

.github/actions/mkdocs/Dockerfile

@@ -1,4 +1,4 @@
-FROM squidfunk/mkdocs-material:9.4.5
+FROM squidfunk/mkdocs-material:9.4.5 
 
 COPY action.sh /action.sh
 

.github/dependabot.yml

@@ -1,5 +1,14 @@
+---
 version: 2
 updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "area/dependency"
+      - "release-note-none"
+      - "ok-to-test"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
@@ -8,36 +17,11 @@ updates:
       - "area/dependency"
       - "release-note-none"
       - "ok-to-test"
-    groups:
-      actions:
-        update-types:
-          - "minor"
-          - "patch"
   - package-ecosystem: "docker"
-    directories:
-      - "**/rootfs"
+    directory: "/images"
     schedule:
       interval: "weekly"
     labels:
       - "area/dependency"
       - "release-note-none"
       - "ok-to-test"
-    groups:
-      docker:
-        update-types:
-          - "minor"
-          - "patch"
-  - package-ecosystem: "gomod"
-    directories:
-      - "/"
-      - "**/rootfs"
-    schedule:
-      interval: "weekly"
-    labels:
-      - "area/dependency"
-      - "release-note-none"
-      - "ok-to-test"
-    groups:
-      go:
-        update-types:
-          - "patch"

.github/workflows/chart.yaml

@@ -1,64 +0,0 @@
-name: Chart
-
-on:
-  push:
-    branches:
-      - main
-      - release-*
-    paths:
-      - charts/ingress-nginx/Chart.yaml
-  
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write
-
-    steps:
-      - name: Set up Python
-        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
-        with:
-          python-version: 3.x
-
-      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
-
-      - name: Set up Helm Chart Testing
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
-
-      - name: Set up Artifact Hub
-        run: |
-          curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
-          echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31  /tmp/ah.tar.gz" | shasum --check
-          sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
-
-      - name: Set up Git
-        run: |
-          git config --global user.name "${GITHUB_ACTOR}"
-          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Lint chart
-        run: |
-          ct lint --config .ct.yaml
-          ah lint --path charts/ingress-nginx
-
-      - name: Release chart
-        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
-        env:
-          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }}
-          CR_SKIP_EXISTING: true
-        with:
-          charts_dir: charts

.github/workflows/ci.yaml

@@ -8,18 +8,14 @@ on:
       - 'docs/**'
       - 'deploy/**'
       - '**.md'
-      - 'images/**' # Images changes should be tested on their own workflow
-      - '!images/nginx/**'
 
   push:
     branches:
       - main
-      - release-*
     paths-ignore:
       - 'docs/**'
       - 'deploy/**'
       - '**.md'
-      - 'images/**' # Images changes should be tested on their own workflow
 
   workflow_dispatch:
     inputs:
@@ -42,14 +38,13 @@ jobs:
     outputs:
       go: ${{ steps.filter.outputs.go }}
       charts: ${{ steps.filter.outputs.charts }}
-      baseimage: ${{ steps.filter.outputs.baseimage }}
 
     steps:
 
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
         id: filter
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -66,104 +61,50 @@ jobs:
               - 'charts/ingress-nginx/Chart.yaml'
               - 'charts/ingress-nginx/**/*'
               - 'NGINX_BASE'
-            baseimage:
-              - 'NGINX_BASE'
-              - 'images/nginx/**'
-            docs:
-              - '**/*.md'
-            lua:
-              - '**/*.lua'
-
-  lua-lint:
-    runs-on: ubuntu-latest
-    needs: changes
-    if: |
-      (needs.changes.outputs.lua == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      
-      - name: Lint Lua
-        uses: lunarmodules/luacheck@v1
-        with:
-          args: --codes --globals lua_ingress --globals configuration --globals balancer --globals monitor --globals certificate --globals tcp_udp_configuration --globals tcp_udp_balancer --no-max-comment-line-length -q rootfs/etc/nginx/lua/
 
   test-go:
     runs-on: ubuntu-latest
     needs: changes
     if: |
-      (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+      (needs.changes.outputs.go == 'true')
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Get go version
-        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
-
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      
       - name: Set up Go
         id: go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.21.3'
           check-latest: true
 
       - name: Run test
         run: make test
 
-        
-  verify-docs:
-    name: Verify Doc generation
-    runs-on: ubuntu-latest
-    needs: changes
-    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Get go version
-        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
-      - name: Set up Go
-        id: go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
-          check-latest: true
-      - name: Verify Docs
-        run: make verify-docs
-
   build:
     name: Build
     runs-on: ubuntu-latest
     needs: changes
-    outputs:
-      golangversion: ${{ steps.golangversion.outputs.version }}
     if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
 
-    env:
-        PLATFORMS: linux/amd64
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Get go version
-        id: golangversion
-        run: |
-          echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up Go
         id: go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
-          go-version: ${{ steps.golangversion.outputs.version }}
+          go-version: '1.21.3'
           check-latest: true
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
         with:
           version: latest
 
@@ -172,17 +113,10 @@ jobs:
 
       - name: Prepare Host
         run: |
-          curl -LO https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl
+          curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl
           chmod +x ./kubectl
           sudo mv ./kubectl /usr/local/bin/kubectl
 
-      - name: Build NGINX Base image
-        if: |
-          needs.changes.outputs.baseimage == 'true'
-        run: |
-            export TAG=$(cat images/nginx/TAG)
-            cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx:${TAG} .
-
       - name: Build images
         env:
           TAG: 1.0.0-dev
@@ -190,8 +124,7 @@ jobs:
           REGISTRY: ingress-controller
         run: |
           echo "building images..."
-          export TAGNGINX=$(cat images/nginx/TAG)
-          make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx:${TAGNGINX} clean-image build image image-chroot
+          make clean-image build image image-chroot
           make -C test/e2e-image image
 
           echo "creating images cache..."
@@ -202,121 +135,378 @@ jobs:
             | gzip > docker.tar.gz
 
       - name: cache
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: docker.tar.gz
           path: docker.tar.gz
           retention-days: 5
-
-  chart-lint:
-    name: Chart / Lint
-    runs-on: ubuntu-latest
-    needs:
-      - changes
-
-    if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
-
-    steps:
-      - name: Set up Python
-        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
-        with:
-          python-version: 3.x
-
-      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
-
-      - name: Set up Helm Chart Testing
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
-
-      - name: Set up Artifact Hub
-        run: |
-          curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
-          echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31  /tmp/ah.tar.gz" | shasum --check
-          sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
-
-      - name: Set up Helm Docs
-        uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1.0.4
-
-      - name: Set up Helm Unit Test
-        run: helm plugin install https://github.com/helm-unittest/helm-unittest
-
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Lint chart
-        run: |
-          ct lint --config .ct.yaml
-          ah lint --path charts/ingress-nginx
-
-      - name: Check docs
-        run: |
-          helm-docs --chart-search-root charts
-          git diff --exit-code charts/ingress-nginx/README.md
-
-      - name: Run tests
-        run: helm unittest charts/ingress-nginx --file "tests/**/*_test.yaml"
-
-  chart-test:
-    name: Chart / Test
+  helm:
+    name: Helm chart
     runs-on: ubuntu-latest
     needs:
       - changes
       - build
-      - chart-lint
-
-    if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
+    if: |
+      (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
 
     strategy:
       matrix:
-        k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
+        k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
 
     steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Download cache
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - name: Setup Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: '1.21.3'
+          check-latest: true
+
+      - name: cache
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: docker.tar.gz
 
-      - name: Load cache
-        run: gzip --decompress --stdout docker.tar.gz | docker load
+      - name: Lint
+        run: |
+          ./build/run-in-docker.sh ./hack/verify-chart-lint.sh
 
-      - name: Run tests
+      - name: Run helm-docs
+        run: |
+          GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
+          ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
+          DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md)
+          if [ ! -z "$DIFF" ]; then
+            echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs"
+          fi
+          git diff --exit-code
+          rm -f ./helm-docs
+
+      - name: Run Artifact Hub lint
+        run: |
+          wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
+          echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
+          tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
+          ./ah lint -p charts/ingress-nginx || exit 1
+          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
+
+      - name: fix permissions
+        run: |
+          sudo mkdir -p $HOME/.kube
+          sudo chmod -R 777 $HOME/.kube
+
+      - name: Create Kubernetes ${{ matrix.k8s }} cluster
+        id: kind
+        run: |
+          kind create cluster --image=kindest/node:${{ matrix.k8s }}
+
+      - name: Load images from cache
+        run: |
+          echo "loading docker images..."
+          gzip -dc docker.tar.gz | docker load
+
+      - name: Test
         env:
-          K8S_VERSION: ${{ matrix.k8s }}
+          KIND_CLUSTER_NAME: kind
+          SKIP_CLUSTER_CREATION: true
           SKIP_IMAGE_CREATION: true
         run: |
-          sudo mkdir -pm 777 "${HOME}/.kube"
+          kind get kubeconfig > $HOME/.kube/kind-config-kind
           make kind-e2e-chart-tests
 
   kubernetes:
     name: Kubernetes
+    runs-on: ubuntu-latest
     needs:
       - changes
       - build
     if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+      (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
+
     strategy:
       matrix:
-        k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
-    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
-    with:
-      k8s-version: ${{ matrix.k8s }}
+        k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: cache
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: docker.tar.gz
+
+      - name: Create Kubernetes ${{ matrix.k8s }} cluster
+        id: kind
+        run: |
+          kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
+
+      - name: Load images from cache
+        run: |
+          echo "loading docker images..."
+          gzip -dc docker.tar.gz | docker load
+
+      - name: Run e2e tests
+        env:
+          KIND_CLUSTER_NAME: kind
+          SKIP_CLUSTER_CREATION: true
+          SKIP_IMAGE_CREATION: true
+        run: |
+          kind get kubeconfig > $HOME/.kube/kind-config-kind
+          make kind-e2e-test
+
+      - name: Upload e2e junit-reports
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        if: success() || failure()
+        with:
+          name: e2e-test-reports-${{ matrix.k8s }}
+          path: 'test/junitreports/report*.xml'
+
+  kubernetes-validations:
+    name: Kubernetes with Validations
+    runs-on: ubuntu-latest
+    needs:
+      - changes
+      - build
+    if: |
+      (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
+
+    strategy:
+      matrix:
+        k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: cache
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: docker.tar.gz
+
+      - name: Create Kubernetes ${{ matrix.k8s }} cluster
+        id: kind
+        run: |
+          kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
+
+      - name: Load images from cache
+        run: |
+          echo "loading docker images..."
+          gzip -dc docker.tar.gz | docker load
+
+      - name: Run e2e tests
+        env:
+          KIND_CLUSTER_NAME: kind
+          SKIP_CLUSTER_CREATION: true
+          SKIP_IMAGE_CREATION: true
+          ENABLE_VALIDATIONS: true
+        run: |
+          kind get kubeconfig > $HOME/.kube/kind-config-kind
+          make kind-e2e-test
+
+      - name: Upload e2e junit-reports
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        if: success() || failure()
+        with:
+          name: e2e-test-reports-${{ matrix.k8s }}
+          path: 'test/junitreports/report*.xml'
+
 
   kubernetes-chroot:
     name: Kubernetes chroot
+    runs-on: ubuntu-latest
     needs:
       - changes
       - build
     if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+      (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
+
     strategy:
       matrix:
-        k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
-    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
-    with:
-      k8s-version: ${{ matrix.k8s }}
-      variation: "CHROOT"
+        k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: cache
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: docker.tar.gz
+
+      - name: Create Kubernetes ${{ matrix.k8s }} cluster
+        id: kind
+        run: |
+          kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
+
+      - name: Load images from cache
+        run: |
+          echo "loading docker images..."
+          gzip -dc docker.tar.gz | docker load
+
+      - name: Run e2e tests
+        env:
+          KIND_CLUSTER_NAME: kind
+          SKIP_CLUSTER_CREATION: true
+          SKIP_IMAGE_CREATION: true
+          IS_CHROOT: true
+        run: |
+          kind get kubeconfig > $HOME/.kube/kind-config-kind
+          make kind-e2e-test
+
+      - name: Upload e2e junit-reports
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        if: success() || failure()
+        with:
+          name: e2e-test-reports-chroot-${{ matrix.k8s }}
+          path: 'test/junitreports/report*.xml'
+
+  test-nginx-image-build:
+    permissions:
+      contents: read  # for dorny/paths-filter to fetch a list of changed files
+      pull-requests: read  # for dorny/paths-filter to read pull requests
+    runs-on: ubuntu-latest
+    env:
+      PLATFORMS: linux/amd64,linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+        id: filter-images
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filters: |
+            nginx-base:
+              - 'images/nginx/**'
+      - name: nginx-base-image
+        if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
+        run: |
+          cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} .
+      - name: Run Trivy on NGINX Image
+        if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}'
+          format: 'sarif'
+          ignore-unfixed: true
+          output: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: ${{ steps.filter-images.outputs.nginx-base == 'true' && always() }}
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+
+  test-image-build:
+    permissions:
+      contents: read  # for dorny/paths-filter to fetch a list of changed files
+      pull-requests: read  # for dorny/paths-filter to read pull requests
+    runs-on: ubuntu-latest
+    env:
+      PLATFORMS: linux/amd64,linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+        id: filter-images
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filters: |
+            custom-error-pages:
+              - 'images/custom-error-pages/**'
+            cfssl:
+              - 'images/cfssl/**'
+            fastcgi-helloserver:
+              - 'images/fastcgi-helloserver/**'
+            echo:
+              - 'images/echo/**'
+            go-grpc-greeter-server:
+              - 'images/go-grpc-greeter-server/**'
+            httpbun:
+              - 'images/httpbun/**'
+            kube-webhook-certgen:
+              - 'images/kube-webhook-certgen/**'
+            ext-auth-example-authsvc:
+              - 'images/ext-auth-example-authsvc/**'
+      - name: custom-error-pages image build
+        if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }}
+        run: |
+          cd images/custom-error-pages && make build
+      - name: cfssl image build
+        if: ${{ steps.filter-images.outputs.cfssl == 'true' }}
+        run: |
+          cd images/cfssl && make build
+      - name: fastcgi-helloserver
+        if: ${{ steps.filter-images.outputs.fastcgi-helloserver == 'true' }}
+        run: |
+          cd images/fastcgi-helloserver && make build
+      - name: echo image build
+        if: ${{ steps.filter-images.outputs.echo == 'true' }}
+        run: |
+          cd images/echo && make build
+      - name: go-grpc-greeter-server image build
+        if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }}
+        run: |
+          cd images/go-grpc-greeter-server && make build
+      - name: httpbun image build
+        if: ${{ steps.filter-images.outputs.httpbin == 'true' }}
+        run: |
+          cd images/httpbun && make build
+      - name: kube-webhook-certgen image build
+        if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
+        run: |
+          cd images/kube-webhook-certgen && make build
+      - name: ext-auth-example-authsvc
+        if: ${{ steps.filter-images.outputs.ext-auth-example-authsvc == 'true' }}
+        run: |
+          cd images/ext-auth-example-authsvc && make build
+
+  test-image:
+    permissions:
+      contents: read  # for dorny/paths-filter to fetch a list of changed files
+      pull-requests: read  # for dorny/paths-filter to read pull requests
+
+    runs-on: ubuntu-latest
+
+    env:
+      PLATFORMS: linux/amd64
+
+    strategy:
+      matrix:
+        k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+        id: filter-images
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filters: |
+            kube-webhook-certgen:
+              - 'images/kube-webhook-certgen/**'
+
+      - name: Create Kubernetes cluster
+        id: kind
+        if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
+        run: |
+          kind create cluster --image=kindest/node:${{ matrix.k8s }}
+
+      - name: Set up Go
+        id: go
+        if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: '1.21.3'
+          check-latest: true
+
+      - name: kube-webhook-certgen image build
+        if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
+        run: |
+          cd images/kube-webhook-certgen && make test test-e2e
+

.github/workflows/depreview.yaml

@@ -9,6 +9,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+        uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0

.github/workflows/docs.yaml

@@ -23,9 +23,9 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
         id: filter
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -47,7 +47,7 @@ jobs:
 
     steps:
       - name: Checkout master
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Deploy
         uses: ./.github/actions/mkdocs

.github/workflows/golangci-lint.yml

@@ -2,9 +2,13 @@ name: golangci-lint
 
 on:
   pull_request:
-    paths:
-      - '**/*.go'
-      - '.github/workflows/golangci-lint.yml'
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - 'deploy/**'
+      - '**.md'
 
 permissions:
   contents: read
@@ -15,20 +19,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Get go version
-        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
-
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      
       - name: Set up Go
         id: go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.21.3'
           check-latest: true
-
+      
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0
+        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
         with:
-          version: v1.62
-          only-new-issues: true
+          version: v1.53

.github/workflows/helm.yaml

@@ -0,0 +1,82 @@
+name: Helm
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+
+  changes:
+    permissions:
+      contents: read  # for dorny/paths-filter to fetch a list of changed files
+      pull-requests: read  # for dorny/paths-filter to read pull requests
+    runs-on: ubuntu-latest
+    if: |
+      (github.repository == 'kubernetes/ingress-nginx')
+    outputs:
+      docs: ${{ steps.filter.outputs.docs }}
+      charts: ${{ steps.filter.outputs.charts }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Run Artifact Hub lint
+        run: |
+          wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
+          echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
+          tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
+          ./ah lint -p charts/ingress-nginx || exit 1
+          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
+
+      - name: Lint
+        run: |
+          ./build/run-in-docker.sh ./hack/verify-chart-lint.sh
+
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+        id: filter
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filters: |
+            charts:
+              - 'charts/ingress-nginx/Chart.yaml'
+              - 'charts/ingress-nginx/values.yaml'
+
+  chart:
+    name: Release Chart
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write # needed to write releases
+
+    needs:
+      - changes
+    if: |
+      (github.repository == 'kubernetes/ingress-nginx') &&
+      (needs.changes.outputs.charts == 'true')
+
+    steps:
+      - name: Checkout master
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
+          fetch-depth: 0
+
+      - name: Setup
+        shell: bash
+        run: |
+          git config --global user.name "$GITHUB_ACTOR"
+          git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Helm Chart Releaser
+        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
+        env:
+          CR_SKIP_EXISTING: true
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
+        with:
+          charts_dir: charts

.github/workflows/images.yaml

@@ -1,192 +0,0 @@
-name: Container Images
-
-on:
-  pull_request:
-    branches:
-      - "*"
-    paths:
-      - 'images/**'
-
-  push:
-    branches:
-      - main
-    paths:
-      - 'images/**'
-
-permissions:
-  contents: write
-  packages: write
-
-env:
-  PLATFORMS: linux/amd64
-
-jobs:
-  changes:
-    permissions:
-      contents: read  # for dorny/paths-filter to fetch a list of changed files
-      pull-requests: read  # for dorny/paths-filter to read pull requests
-    runs-on: ubuntu-latest
-    outputs:
-      custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }}
-      cfssl: ${{ steps.filter.outputs.cfssl }}
-      fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }}
-      e2e-test-echo: ${{ steps.filter.outputs.e2e-test-echo }}
-      go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }}
-      httpbun: ${{ steps.filter.outputs.httpbun }}
-      kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
-      ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
-      nginx: ${{ steps.filter.outputs.nginx }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: filter
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          filters: |
-            custom-error-pages:
-              - 'images/custom-error-pages/**'
-            cfssl:
-              - 'images/cfssl/**'
-            fastcgi-helloserver:
-              - 'images/fastcgi-helloserver/**'
-            e2e-test-echo:
-              - 'images/e2e-test-echo/**'
-            go-grpc-greeter-server:
-              - 'images/go-grpc-greeter-server/**'
-            httpbun:
-              - 'images/httpbun/**'
-            kube-webhook-certgen:
-              - 'images/kube-webhook-certgen/**'
-            ext-auth-example-authsvc:
-              - 'images/ext-auth-example-authsvc/**'
-            nginx:
-              - 'images/nginx/**'
-
-  #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
-  cfssl:
-    needs: changes
-    if: |
-      (needs.changes.outputs.cfssl == 'true')
-    uses: ./.github/workflows/zz-tmpl-images.yaml
-    with:
-      name: cfssl
-    secrets: inherit
-
-  custom-error-pages:
-    needs: changes
-    if: |
-      (needs.changes.outputs.custom-error-pages == 'true')
-    uses: ./.github/workflows/zz-tmpl-images.yaml
-    with:
-      name: custom-error-pages
-    secrets: inherit
-
-  e2e-test-echo:
-    needs: changes
-    if: |
-      (needs.changes.outputs.e2e-test-echo == 'true')
-    uses: ./.github/workflows/zz-tmpl-images.yaml
-    with:
-      name: e2e-test-echo
-    secrets: inherit
-
-  ext-auth-example-authsvc:
-    needs: changes
-    if: |
-      (needs.changes.outputs.ext-auth-example-authsvc == 'true')
-    uses: ./.github/workflows/zz-tmpl-images.yaml
-    with:
-      name: ext-auth-example-authsvc
-    secrets: inherit
-
-  fastcgi-helloserver:
-    needs: changes
-    if: |
-      (needs.changes.outputs.fastcgi-helloserver == 'true')
-    uses: ./.github/workflows/zz-tmpl-images.yaml
-    with:
-      name: fastcgi-helloserver
-    secrets: inherit
-
-  go-grpc-greeter-server:
-    needs: changes
-    if: |
-      (needs.changes.outputs.go-grpc-greeter-server == 'true')
-    uses: ./.github/workflows/zz-tmpl-images.yaml
-    with:
-      name: go-grpc-greeter-server
-    secrets: inherit
-
-  httpbun:
-    needs: changes
-    if: |
-      (needs.changes.outputs.httpbun == 'true')
-    uses: ./.github/workflows/zz-tmpl-images.yaml
-    with:
-      name: httpbun
-    secrets: inherit
-
-  kube-webhook-certgen:
-    runs-on: ubuntu-latest
-    needs: changes
-    if: |
-      (needs.changes.outputs.kube-webhook-certgen == 'true')
-    strategy:
-      matrix:
-        k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
-    steps:
-    - name: Checkout
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-    - name: Get go version
-      run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
-
-    - name: Set up Go
-      id: go
-      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
-      with:
-        go-version: ${{ env.GOLANG_VERSION }}
-        check-latest: true
-    - name: image build
-      run: |
-        cd images/ && make NAME=kube-webhook-certgen build
-    - name: Create Kubernetes cluster
-      id: kind
-      run: |
-        kind create cluster --image=kindest/node:${{ matrix.k8s }}
-    - name: image test
-      run: |
-        cd images/ && make NAME=kube-webhook-certgen test test-e2e
-
-  nginx:
-    permissions:
-      contents: write
-      packages: write
-    runs-on: ubuntu-latest
-    needs: changes
-    if: |
-      (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx == 'true')
-    env:
-      PLATFORMS: linux/amd64,linux/arm,linux/arm64
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
-        with:
-          version: latest
-          platforms: ${{ env.PLATFORMS }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build-image
-        run: |
-          export TAG=$(cat images/nginx/TAG)
-          cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx:${TAG} .

.github/workflows/junit-reports.yaml

@@ -5,18 +5,13 @@ on:
     workflows: ['CI']                     # runs after CI workflow
     types:
       - completed
-
-permissions:
-  checks: write
-
 jobs:
   report:
     runs-on: ubuntu-latest
     steps:
-      - uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
+      - uses: dorny/test-reporter@afe6793191b75b608954023a46831a3fe10048d4 # v1.7.0
         with:
           artifact: /e2e-test-reports-(.*)/
           name: JEST Tests $1               # Name of the check run which will be created
           path: 'report*.xml'               # Path to test results (inside artifact .zip)
           reporter: jest-junit              # Format of test results
-          fail-on-empty: 'true'

.github/workflows/perftest.yaml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Install K6
         run: |

.github/workflows/plugin.yaml

@@ -1,8 +1,11 @@
 name: kubectl plugin
 
 on:
-  release:
-    types: [published]
+  push:
+    branches:
+      - "main"
+    tags:
+      - 'v*.*.*\+plugin'
 
 permissions:
   contents: write # for goreleaser/goreleaser-action
@@ -12,39 +15,25 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
-      - name: Get go version
-        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
-
       - name: Set up Go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.21.3'
           check-latest: true
 
-      - name: Run GoReleaser Snapshot
-        if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
-        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
-        with:
-          version: "~> v2"
-          args: release --snapshot --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Run GoReleaser
-        if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
         with:
-          version: "~> v2"
+          version: latest
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Update new version in krew-index
-        if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        uses: rajatjindal/krew-release-bot@3d9faef30a82761d610544f62afddca00993eef9 # v0.0.47
+        uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46
         with:
           krew_template_file: cmd/plugin/krew.yaml

.github/workflows/project.yml

@@ -13,7 +13,7 @@ jobs:
       repository-projects: write
       issues: write
     steps:
-      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
+      - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0
         with:
           project-url: https://github.com/orgs/kubernetes/projects/104
           github-token: ${{ secrets.PROJECT_WRITER }}

.github/workflows/scorecards.yml

@@ -27,12 +27,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -51,7 +51,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
@@ -59,6 +59,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37
         with:
           sarif_file: results.sarif

.github/workflows/stale.yaml

@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+      - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
         with:
           stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
           stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."

.github/workflows/vulnerability-scans.yaml

@@ -22,7 +22,7 @@ jobs:
       versions: ${{ steps.version.outputs.TAGS }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
@@ -52,7 +52,7 @@ jobs:
         versions: ${{ fromJSON(needs.version.outputs.versions) }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - shell: bash
         id: test
@@ -60,7 +60,7 @@ jobs:
 
       - name: Scan image with AquaSec/Trivy
         id: scan
-        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
+        uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # v0.12.0
         with:
           image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
           format: 'sarif'
@@ -75,7 +75,7 @@ jobs:
 
       # This step checks out a copy of your repository.
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37
         with:
           token: ${{ github.token }}
           # Path to SARIF file relative to the root of the repository

.github/workflows/zz-tmpl-images.yaml

@@ -1,81 +0,0 @@
-#### THIS IS A TEMPLATE ####
-# This workflow is created to be a template for every time an e2e test is required,
-
-on:
-  workflow_call:
-    inputs:
-      name:
-        required: true
-        type: string
-      platforms-test:
-        type: string
-        default: linux/amd64
-      platforms-publish:
-        type: string
-        default: linux/amd64
-
-env:
-  PLATFORMS: ${{ inputs.platforms-test }}
-
-permissions:
-  contents: write
-  packages: write
-
-jobs:
-  changestag:
-    permissions:
-      contents: read  # for dorny/paths-filter to fetch a list of changed files
-    runs-on: ubuntu-latest
-    outputs:
-      tag: ${{ steps.filter.outputs.tag }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: filter
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          filters: |
-            tag:
-              - 'images/**/TAG'
-
-  image-build:
-    name: Build
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Build
-        run: |
-          cd images/ && make NAME=${{ inputs.name }} build
-
-  image-push:
-    name: Push
-    needs: changestag
-    if: |
-      (github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'kubernetes/ingress-nginx' && needs.changestag.outputs.tag == 'true')
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      packages: write
-    env:
-      PLATFORMS: ${{ inputs.platforms-publish }}
-    steps:
-    - name: Checkout
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-    - name: Push
-      run: |
-          cd images/ && make REGISTRY=ingressnginx NAME=${{ inputs.name }} push
-

.github/workflows/zz-tmpl-k8s-e2e.yaml

@@ -1,57 +0,0 @@
-#### THIS IS A TEMPLATE ####
-# This workflow is created to be a template for every time an e2e test is required,
-
-on:
-  workflow_call:
-    inputs:
-      k8s-version:
-        required: true
-        type: string
-      variation:
-        type: string
-
-permissions:
-  contents: read
-
-jobs:
-  kubernetes:
-    name: Kubernetes ${{ inputs.variation }}
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: cache
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          name: docker.tar.gz
-
-      - name: Create Kubernetes ${{ inputs.k8s-version }} cluster
-        id: kind
-        run: |
-          kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml
-
-      - name: Load images from cache
-        run: |
-          echo "loading docker images..."
-          gzip -dc docker.tar.gz | docker load
-
-      - name: Run e2e tests ${{ inputs.variation }}
-        env:
-          KIND_CLUSTER_NAME: kind
-          SKIP_CLUSTER_CREATION: true
-          SKIP_INGRESS_IMAGE_CREATION: true
-          SKIP_E2E_IMAGE_CREATION: true
-          IS_CHROOT: ${{ inputs.variation == 'CHROOT' }}
-        run: |
-          kind get kubeconfig > $HOME/.kube/kind-config-kind
-          make kind-e2e-test
-
-      - name: Upload e2e junit-reports ${{ inputs.variation }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        if: success() || failure()
-        with:
-          name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
-          path: 'test/junitreports/report*.xml'
-

.gitignore

@@ -1,3 +1,4 @@
+helm-docs
 # OSX
 ._*
 .DS_Store
@@ -60,4 +61,3 @@ cmd/plugin/release/*.tar.gz
 cmd/plugin/release/LICENSE
 tmp/
 test/junitreports/
-tests/__snapshot__

.golangci.yml

@@ -2,7 +2,6 @@ run:
   timeout: 10m
   allow-parallel-runners: true
 
-issues:
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
   max-issues-per-linter: 0
 
@@ -23,6 +22,7 @@ linters:
     - errcheck
     - errchkjson
     - errname
+    - execinquery
     - ginkgolinter
     - gocheckcompilerdirectives
     - goconst
@@ -200,7 +200,9 @@ linters-settings:
       - stringConcatSimplify
       - stringsCompare
       - switchTrue
+      - timeCmpSimplify
       - timeExprSimplify
+      - todoCommentWithoutDetail
       - tooManyResultsChecker
       - typeAssertChain
       - typeDefFirst
@@ -227,6 +229,9 @@ linters-settings:
   nolintlint:
     # Enable to ensure that nolint directives are all used. Default is true.
     allow-unused: false
+    # Disable to ensure that nolint directives don't have a leading space. Default is true.
+    # TODO(lint): Enforce machine-readable `nolint` directives
+    allow-leading-space: true
     # Exclude following linters from requiring an explanation.  Default is [].
     allow-no-explanation: []
     # Enable to require an explanation of nonzero length after each nolint directive. Default is false.

.luacheckrc

@@ -1,6 +1,6 @@
 std = 'ngx_lua'
 max_line_length = 100
-exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua'}
+exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua', './rootfs/etc/nginx/lua/plugins/**/test/**/*.lua'}
 files["rootfs/etc/nginx/lua/lua_ingress.lua"] = {
   ignore = { "122" },
   -- TODO(elvinefendi) figure out why this does not work

Changelog.md

@@ -2,7 +2,7 @@
 
 All New change are in [Changelog](./changelog)
 
-### 1.5.1
+### 1.5.1 
 
 * Upgrade NGINX to 1.21.6
 * Upgrade Golang 1.19.2
@@ -102,18 +102,18 @@ Images:
 ### Community Updates
 
 We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going
-forward with the project at
-[Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us
+forward with the project at 
+[Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us 
 and let us hear what you'd like to see in the future for ingress-nginx.
 
 https://kccncna2022.sched.com/event/18lgl?iframe=no
 
 [**Kubernetes Registry change notice**](https://twitter.com/BenTheElder/status/1575898507235323904)
-The [@kubernetesio](https://twitter.com/kubernetesio) container image host http://k8s.gcr.io is
-*actually* getting redirected to the community controlled http://registry.k8s.io starting with a small portion of
+The [@kubernetesio](https://twitter.com/kubernetesio) container image host http://k8s.gcr.io is 
+*actually* getting redirected to the community controlled http://registry.k8s.io starting with a small portion of 
 traffic on October 3rd.
 
-If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheElder),
+If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheElder), 
 [@thockin](https://twitter.com/thockin), [@ameukam](https://twitter.com/ameukam),or report issues in slack to
 [sig-k8s-infra slack channel](https://kubernetes.slack.com/archives/CCK68P2Q2).
 
@@ -123,7 +123,7 @@ If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheEl
 [8890](https://github.com/kubernetes/ingress-nginx/pull/8890)
 * Update to Prometheus metric names, more information [available here]( https://github.com/kubernetes/ingress-nginx/pull/8728
 )
-* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.22, v1.23, v1.24, v1.25
+* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.22, v1.23, v1.24, v1.25  
 
 ADDED
 * `_request_duration_seconds` Histogram
@@ -203,11 +203,11 @@ Images:
 
 ### 1.3.1
 
-In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps.
+In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. 
 v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1.
 
-Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches,
-Also, *important note*, with the release of Kubernetes v1.25, we are dropping support for the legacy edition,
+Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, 
+Also, *important note*, with the release of Kubernetes v1.25, we are dropping support for the legacy edition, 
 that means all version <1.0.0 of the ingress-nginx-controller.
 
 ## Image:
@@ -277,11 +277,11 @@ All other Changes
 
 ### 1.3.0
 
-Image:
+Image: 
 - registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5
 - registry.k8s.io/ingress-nginx/controller-chroot:v1.3.0@sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191
 
-_IMPORTANT CHANGES:_
+_IMPORTANT CHANGES:_ 
 * This release removes support for Kubernetes v1.19.0
 * This release adds support for Kubernetes v1.24.0
 * Starting with this release, we will need permissions on the `coordination.k8s.io/leases` resource for leaderelection lock
@@ -352,11 +352,11 @@ _Changes:_
 
 ### 1.2.0
 
-Image:
+Image: 
 - k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185
 - k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0@sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5
 
-This minor version release, introduces 2 breaking changes. For the first time, an option to jail/chroot the nginx process, inside the controller container, is being introduced. This provides an additional layer of security, for sensitive information like K8S serviceaccounts. This release also brings a special new feature of deep inspection into objects. The inspection is a walk through of all the spec, checking for possible attempts to escape configs. Currently such an inspection only occurs for `networking.Ingress`.  Additionally there are fixes for the recently announced CVEs on busybox & ssl_client. And there is a fix to a recently introduced redirection related bug, that was setting the protocol on URLs to "nil".
+This minor version release, introduces 2 breaking changes. For the first time, an option to jail/chroot the nginx process, inside the controller container, is being introduced.. This provides an additional layer of security, for sensitive information like K8S serviceaccounts. This release also brings a special new feature of deep inspection into objects. The inspection is a walk through of all the spec, checking for possible attempts to escape configs. Currently such an inspection only occurs for `networking.Ingress`.  Additionally there are fixes for the recently announced CVEs on busybox & ssl_client. And there is a fix to a recently introduced redirection related bug, that was setting the protocol on URLs to "nil".
 
 _Changes:_
 
@@ -419,7 +419,7 @@ _Changes:_
 **Image:**
 - k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2
 
-This release upgrades Alpine to 3.14.4 and nginx to 1.19.10
+This release upgrades Alpine to 3.14.4 and nginx to 1.19.10 
 
 Patches [OpenSSL CVE-2022-0778](https://github.com/kubernetes/ingress-nginx/issues/8339)
 
@@ -460,7 +460,7 @@ _Changes:_
 
 ### 1.1.2
 
-**Image:**
+**Image:** 
 - k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c
 
 This release bumps grpc version to 1.44.0 & runc to version 1.1.0. The release also re-introduces the ingress.class annotation, which was previously declared as deprecated. Besides that, several bug fixes and improvements are listed below.
@@ -502,7 +502,7 @@ _Changes:_
 
 ### 1.1.1
 
-**Image:**
+**Image:** 
 - k8s.gcr.io/ingress-nginx/controller:v1.1.1@sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de
 
 This release contains several fixes and improvements. This image is now built using Go v1.17.6 and gRPC v1.43.0. See detailed list below.
@@ -571,9 +571,9 @@ _Changes:_
 
 _Possible Breaking Change_
 We now implement string sanitization in annotation values. This means that words like "location", "by_lua" and
-others will drop the reconciliation of an Ingress object.
+others will drop the reconciliation of an Ingress object. 
 
-Users from mod_security and other features should be aware that some blocked values may be used by those features
+Users from mod_security and other features should be aware that some blocked values may be used by those features 
 and must be manually unblocked by the Ingress Administrator.
 
 For more details please check [https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#annotation-value-word-blocklist]
@@ -592,7 +592,7 @@ _Changes:_
 - k8s.gcr.io/ingress-nginx/controller:v1.0.4@sha256:545cff00370f28363dad31e3b59a94ba377854d3a11f18988f5f9e56841ef9ef
 
 _Possible Breaking Change_
-We have disabled the builtin ssl_session_cache due to possible memory fragmentation. This should not impact the majority of users, but please let us know
+We have disabled the builtin ssl_session_cache due to possible memory fragmentation. This should not impact the majority of users, but please let us know 
 if you face any problem
 
 _Changes:_
@@ -608,7 +608,7 @@ _Changes:_
 - k8s.gcr.io/ingress-nginx/controller:v1.0.3@sha256:4ade87838eb8256b094fbb5272d7dda9b6c7fa8b759e6af5383c1300996a7452
 
 **Known Issues**
-* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.4, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578).
+* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.4, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). 
 
 _New Features:_
 
@@ -624,7 +624,7 @@ _Changes:_
 - k8s.gcr.io/ingress-nginx/controller:v1.0.2@sha256:85b53b493d6d658d8c013449223b0ffd739c76d76dc9bf9000786669ec04e049
 
 **Known Issues**
-* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.3, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578).
+* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.3, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). 
 
 _New Features:_
 
@@ -640,7 +640,7 @@ _Changes:_
 - k8s.gcr.io/ingress-nginx/controller:v1.0.1@sha256:26bbd57f32bac3b30f90373005ef669aae324a4de4c19588a13ddba399c6664e
 
 **Known Issues**
-* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.2, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578).
+* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.2, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). 
 
 _New Features:_
 
@@ -883,7 +883,7 @@ _Changes:_
   test #7255 
 - [X] [#7216](https://github.com/kubernetes/ingress-nginx/pull/7216) Admission: Skip validation checks if an ingress 
   is marked as deleted #7216
-
+  
 ### 1.0.0-beta.3
 ** This is a breaking change**
 
@@ -2057,7 +2057,7 @@ _Breaking Changes:_
 
   ```
   Due to upcoming data privacy regulations, we are making significant changes to how you access free GeoLite2 databases starting December 30, 2019.
-  Learn more on our blog https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/
+  Learn more on our blog https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
   ```
 
   Because of this change, it is not clear we can provide the databases directly from the docker image.
@@ -2193,7 +2193,7 @@ _New Features:_
 
   If the active connections end before that, the pod will terminate gracefully at that time.
 
-  To effectively take advantage of this feature, the Configmap feature [worker-shutdown-timeout](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-shutdown-timeout) new value is `240s` instead of `10s`.
+  To efectively take advantage of this feature, the Configmap feature [worker-shutdown-timeout](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-shutdown-timeout) new value is `240s` instead of `10s`.
 
   **IMPORTANT:** this value has a side effect during reloads, consuming more memory until the old NGINX workers are replaced.
 
@@ -2603,7 +2603,7 @@ _New Features:_
 _Breaking changes:_
 
 - The NGINX server listening in port 18080 was removed. It was replaced by a server using an unix socket as port [#3684](https://github.com/kubernetes/ingress-nginx/pull/3684)
-  This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the `http-snippet` feature in the configuration configmap like:
+  This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the `http-snipet` feature in the configuration configmap like:
 
   ```yaml
   http-snippet: |

Changelog.md.gotmpl

@@ -0,0 +1,15 @@
+# Changelog
+
+### {{  .Version }}
+Images:
+{{ with .ControllerImages }}
+{{ range . }} * {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }}
+{{ end }} {{ end }}
+### All Changes:
+{{ with .Updates }}
+{{ range . }}* {{ . }}
+{{ end }}{{ end }}
+### Dependencies updates: {{ with .DepUpdates }}
+{{ range . }}* {{ . }}
+{{ end }} {{ end }}
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }}

GOLANG_VERSION

@@ -1 +0,0 @@
-1.23.6

MANUAL_RELEASE.md

@@ -93,7 +93,7 @@ Promoting the images basically means that images, that were pushed to staging co
 
   ```
   ...
-  pushing manifest for us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
+  pushing manifest for gcr.io/k8s-staging-ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
   ...
   ```
 
@@ -113,7 +113,7 @@ Promoting the images basically means that images, that were pushed to staging co
 
 - For making, it easier, you can edit your branch directly in the browser. But be careful about making any mistake.
 
-- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml)  Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
+- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml)  Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
 
 - Save and commit
 
@@ -177,21 +177,21 @@ Promoting the images basically means that images, that were pushed to staging co
             ```
             - The -L 38 was used for 2 reasons.
               - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR.
-              -  The other reason to use -L 38 was to omit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs.
+              -  The other reason to use -L 38 was to ommit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs.
             - If you save the output of above command to a file called prlist.txt. It looks somewhat like this ;
 
               ```
-              % cat ~/Downloads/prlist.txt
+              % cat ~/Downloads/prlist.txt 
               8129    fix syntax in docs for multi-tls example
               8120    Update go in runner and release v1.1.1
               8119    Update to go v1.17.6
               8118    Remove deprecated libraries, update other libs
               8117    Fix codegen errors
-              8115    chart/ghaction: set the correct permission to have access to push a release
+              8115    chart/ghaction: set the correct permission to have access to push a release 
               ....
               ```
               You can delete the lines, that refer to PRs of the release process itself. We only need to list the feature/bugfix PRs. You can also delete the lines that are housekeeping or not really worth mentioning in the changelog.
-          -  you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, it's possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links.
+          -  you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, its possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. 
 
             ```
             #!/usr/bin/bash
@@ -205,7 +205,7 @@ Promoting the images basically means that images, that were pushed to staging co
             done <$file
 
             ```
-          - There was a parsing issue and path issue on MacOS, so above script had to be modified and MacOS monterey compatible script is below ;
+          - There was a parsing issue and path issue on MacOS, so above scrpt had to be modified and MacOS monterey compatible script is below ;
 
             ```
             #!/bin/bash
@@ -226,18 +226,19 @@ Promoting the images basically means that images, that were pushed to staging co
           ```
 
 ### d. Edit the values.yaml and run helm-docs
-
   - [Fields to edit in values.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml)
 
     - tag
     - digest
 
-  - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a Helm chart automatically. In the CI pipeline workflow of GitHub actions (.github/workflows/ci.yaml), you can see how helm-docs is used. The CI pipeline is not designed to make commits back into the project, so we need to run helm-docs manually and commit the resulting generated README.md. You can obtain a recent version of the helm-docs binary here: https://github.com/norwoodj/helm-docs/releases.
+  - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md 
     ```
-    helm-docs --chart-search-root charts
-    git diff charts/ingress-nginx/README.md
+          GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
+          ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
+          git diff --exit-code
+          rm -f ./helm-docs
     ```
-    Take care of not leaving the helm-docs executable in your clone workspace or not committing the new README.md.
+    Watchout for mistakes like leaving the helm-docs executable in your clone workspace or not checking the new README.md manually etc.
 
 ### e. Edit the static manifests
 
@@ -273,7 +274,7 @@ Promoting the images basically means that images, that were pushed to staging co
 
 ### h. Update README.md
 
-- Update the table in README.md in the root of the project to reflect the support matrix. Add the new release version and details in there.
+- Update the table in README.md in the root of the projet to reflect the support matrix. Add the new release version and details in there.
 
 ## 5. RELEASE new version
 
@@ -290,7 +291,7 @@ Promoting the images basically means that images, that were pushed to staging co
  - `helm repo update`
  - `helm search repo ingress-nginx`
 
-## 6. GitHub release
+## 6. Github release
 
 - Release to github
 

Makefile

@@ -29,11 +29,6 @@ SHELL=/bin/bash -o pipefail -o errexit
 # Use the 0.0 tag for testing, it shouldn't clobber any release builds
 TAG ?= $(shell cat TAG)
 
-# The env below is called GO_VERSION and not GOLANG_VERSION because 
-# the gcb image we use to build already defines GOLANG_VERSION and is a 
-# really old version
-GO_VERSION ?= $(shell cat GOLANG_VERSION)
-
 # e2e settings
 # Allow limiting the scope of the e2e tests. By default run everything
 FOCUS ?=
@@ -58,7 +53,7 @@ ifneq ($(PLATFORM),)
 	PLATFORM_FLAG="--platform"
 endif
 
-REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
+REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
 
 BASE_IMAGE ?= $(shell cat NGINX_BASE)
 
@@ -73,6 +68,7 @@ image: clean-image ## Build image for a particular arch.
 	docker build \
 		${PLATFORM_FLAG} ${PLATFORM} \
 		--no-cache \
+		--pull \
 		--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
 		--build-arg VERSION="$(TAG)" \
 		--build-arg TARGETARCH="$(ARCH)" \
@@ -89,6 +85,7 @@ image-chroot: clean-chroot-image ## Build image for a particular arch.
 	echo "Building docker image ($(ARCH))..."
 	docker build \
 		--no-cache \
+		--pull \
 		--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
 		--build-arg VERSION="$(TAG)" \
 		--build-arg TARGETARCH="$(ARCH)" \
@@ -110,7 +107,7 @@ clean-chroot-image: ## Removes local image
 
 .PHONY: build
 build:  ## Build ingress controller, debug tool and pre-stop hook.
-	E2E_IMAGE=golang:$(GO_VERSION)-alpine3.21 USE_SHELL=/bin/sh build/run-in-docker.sh \
+	build/run-in-docker.sh \
 		MAC_OS=$(MAC_OS) \
 		PKG=$(PKG) \
 		ARCH=$(ARCH) \
@@ -124,9 +121,6 @@ build:  ## Build ingress controller, debug tool and pre-stop hook.
 clean: ## Remove .gocache directory.
 	rm -rf bin/ .gocache/ .cache/
 
-.PHONY: verify-docs
-verify-docs: ## Verify doc generation
-	hack/verify-annotation-docs.sh
 
 .PHONY: static-check
 static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint.
@@ -216,9 +210,8 @@ live-docs: ## Build and launch a local copy of the documentation website in http
 	@docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \
 		-p 8000:8000 \
 		-v ${PWD}:/docs \
-		--entrypoint /bin/bash   \
-		ingress-nginx-docs \
-		-c "pip install -r /docs/docs/requirements.txt && mkdocs serve --dev-addr=0.0.0.0:8000"
+		--entrypoint mkdocs \
+		ingress-nginx-docs serve --dev-addr=0.0.0.0:8000
 
 .PHONY: misspell
 misspell:  ## Check for spelling errors.
@@ -240,8 +233,8 @@ ensure-buildx:
 show-version:
 	echo -n $(TAG)
 
-PLATFORMS ?= amd64 arm arm64
-BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64
+PLATFORMS ?= amd64 arm arm64 s390x
+BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64,linux/s390x
 
 .PHONY: release # Build a multi-arch docker image
 release: ensure-buildx clean

NEW_CONTRIBUTOR.md

@@ -20,14 +20,14 @@ It all starts with the OSI model...
 ### Approaching the problem
 
 
-Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, it's the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy.
+Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, its the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy.
 
 Here we take a bird's eye-view of the hops in the network plumbing, that a packet takes, from source to destination, when we run `curl`, from a laptop to a nginx webserver process, running in a container, inside a pod, inside a Kubernetes cluster, created using `kind` or `minikube` or any other cluster-management tool.
 
 ### [Kind](https://kind.sigs.k8s.io/) cluster example on a Linux Host
 
 #### TL;DR
-The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5`
+The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5`
 
 Command:
 ```
@@ -325,9 +325,9 @@ minikube start
 🐳  Preparing Kubernetes v1.23.3 on Docker 20.10.12 ...
     ▪ kubelet.housekeeping-interval=5m
 🔎  Verifying Kubernetes components...
-    ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
-    ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
-    ▪ Using image registry.k8s.io/ingress-nginx/controller:v1.2.1
+    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
+    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
+    ▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1
     ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
 🔎  Verifying ingress addon...
 🌟  Enabled addons: ingress, storage-provisioner, default-storageclass
@@ -435,7 +435,7 @@ virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
 ```
 Output Relevance: From the above output you can see there are two Virtual Bridges created by minikube when we created the cluster on the network. Here, `virbr0` is the default NAT network bridge while `virbr2` is a isolated network bridge on which the pods run.
 
-Minikube creates a Virtual Machine, to enter the virtual machine we can simply do:
+Minikube creates a Virtual Machine, to enter the virtual machine we can simple do:
 ```
 # minikube ssh
 ```
@@ -707,7 +707,7 @@ NAME    TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
 httpd   ClusterIP   10.104.111.0   <none>        80/TCP    13s
 ```
 
-Once we have this we can now create an ingress using the following
+Once we have this we can now create a n ingress using the following
 ```
 kubectl -n httpd create ingress httpd --class nginx --rule httpd.dev.leonnunes.com/"*"=httpd:80
 ```
@@ -771,7 +771,7 @@ Hypertext Transfer Protocol
     [Response in frame: 6]
 
 ```
-The above output shows the information that the `httpd` pod receives. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller
+The above output shows the information that the `httpd` pod recieves. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller
 
 The following output shows what is sent via the laptop.
 ```

NGINX_BASE

@@ -1 +1 @@
-registry.k8s.io/ingress-nginx/nginx:v2.0.0@sha256:3e7bda4cf5111d283ed1e4ff5cc9a2b5cdc5ebe62d50ba67473d3e25b1389133
+registry.k8s.io/ingress-nginx/nginx:v20231011-8b53cabe0@sha256:34881d62f71e8573fb765c40585dba28a1148206fbbe2c3871ad3f4e8c6e360f

OWNERS

@@ -1,4 +1,4 @@
-# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
+# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
 
 approvers:
 - ingress-nginx-maintainers
@@ -7,7 +7,6 @@ reviewers:
 - ingress-nginx-reviewers
 
 emeritus_approvers:
-- aledbf # 2020-04-02
+- aledbf  # 2020-04-02
 - bowei # 2022-10-12
 - ElvinEfendi # 2023-04-23
-- rikatz # 2024-12-15

OWNERS_ALIASES

@@ -1,17 +1,40 @@
-# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
+# See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md
 
 aliases:
-  ingress-nginx-maintainers:
-  - cpanato
-  - Gacko
+  sig-network-leads:
+  - caseydavenport
+  - dcbw
+  - thockin
+
+  ingress-nginx-admins:
+  - rikatz
   - strongjz
+
+  ingress-nginx-maintainers:
+  - rikatz
+  - strongjz
+  - cpanato
+  - puerco
   - tao12345666333
 
   ingress-nginx-reviewers:
-  - cpanato
-  - Gacko
+  - rikatz
   - strongjz
+  - puerco
+  - cpanato
   - tao12345666333
 
+  ingress-nginx-helm-maintainers:
+  - cpanato
+  - strongjz
+
+  ingress-nginx-helm-reviewers:
+  - cpanato
+  - strongjz
+
   ingress-nginx-docs-maintainers:
   - longwuyuan
+  - tao12345666333
+
+  ingress-nginx-kube-webhook-certgen-reviewers:
+  - invidian

README.md

@@ -6,19 +6,18 @@
 [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers)
 [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md)
 
+
 ## Overview
 
 ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load
 balancer.
 
-[Learn more about Ingress on the Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/).
+[Learn more about Ingress on the main Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/).
 
 ## Get started
 
 See the [Getting Started](https://kubernetes.github.io/ingress-nginx/deploy/) document.
 
-Do not use in multi-tenant Kubernetes production installations. This project assumes that users that can create Ingress objects are administrators of the cluster. See the [FAQ](https://kubernetes.github.io/ingress-nginx/faq/#faq) for more.
-
 ## Troubleshooting
 
 If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md),
@@ -29,7 +28,7 @@ If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.
 
 See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) for all changes.
 For detailed changes for each release, please check the [changelog-$version.md](./changelog) file for the release version.
-For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version.
+For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version
 [CHANGELOG-$current-version.md](./charts/ingress-nginx/changelog) file.
 
 ### Supported Versions table
@@ -37,34 +36,23 @@ For detailed changes on the `ingress-nginx` helm chart, please check the changel
 Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for
 the versions listed. Ingress-Nginx versions **may** work on older versions, but the project does not make that guarantee.
 
-| Supported | Ingress-NGINX version | k8s supported version         | Alpine Version | Nginx Version | Helm Chart Version |
-| :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ |
-|    🔄     | **v1.12.0**           | 1.32, 1.31, 1.30, 1.29, 1.28  | 3.21.0         | 1.25.5        | 4.12.0             |
-|    🔄     | **v1.12.0-beta.0**    | 1.32, 1.31, 1.30, 1.29, 1.28  | 3.20.3         | 1.25.5        | 4.12.0-beta.0      |
-|    🔄     | **v1.11.4**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.21.0         | 1.25.5        | 4.11.4             |
-|    🔄     | **v1.11.3**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.3         | 1.25.5        | 4.11.3             |
-|    🔄     | **v1.11.2**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.11.2             |
-|    🔄     | **v1.11.1**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.11.1             |
-|    🔄     | **v1.11.0**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.11.0             |
-|           | **v1.10.6**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.21.0         | 1.25.5        | 4.10.6             |
-|           | **v1.10.5**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.3         | 1.25.5        | 4.10.5             |
-|           | **v1.10.4**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.4             |
-|           | **v1.10.3**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.3             |
-|           | **v1.10.2**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.2             |
-|           | **v1.10.1**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.19.1         | 1.25.3        | 4.10.1             |
-|           | **v1.10.0**           | 1.29, 1.28, 1.27, 1.26        | 3.19.1         | 1.25.3        | 4.10.0             |
-|           | v1.9.6                | 1.29, 1.28, 1.27, 1.26, 1.25  | 3.19.0         | 1.21.6        | 4.9.1              |
-|           | v1.9.5                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.9.0              |
-|           | v1.9.4                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3              |
-|           | v1.9.3                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*              |
-|           | v1.9.1                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*              |
-|           | v1.9.0                | 1.28, 1.27, 1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*              |
-|           | v1.8.4                | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
-|           | v1.7.1                | 1.27, 1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
-|           | v1.6.4                | 1.26, 1.25, 1.24, 1.23        | 3.17.0         | 1.21.6        | 4.5.*              |
-|           | v1.5.1                | 1.25, 1.24, 1.23              | 3.16.2         | 1.21.6        | 4.4.*              |
-|           | v1.4.0                | 1.25, 1.24, 1.23, 1.22        | 3.16.2         | 1.19.10†      | 4.3.0              |
-|           | v1.3.1                | 1.24, 1.23, 1.22, 1.21, 1.20  | 3.16.2         | 1.19.10†      | 4.2.5              |
+|  Supported  | Ingress-NGINX version | k8s supported version        | Alpine Version | Nginx Version | Helm Chart Version |
+|:--:|-----------------------|------------------------------|----------------|---------------|------------------------------|
+| 🔄 | **v1.9.4**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3*                        |
+| 🔄 | **v1.9.3**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.9.1**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.9.0**            | 1.28, 1.27,1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.8.4**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
+| 🔄 | **v1.8.2**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
+| 🔄 | **v1.8.1**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
+| 🔄 | **v1.8.0**            | 1.27,1.26, 1.25, 1.24        | 3.18.0         | 1.21.6        | 4.7.*              |
+| 🔄 | **v1.7.1**            | 1.27,1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
+| 🔄 | **v1.7.0**            | 1.26, 1.25, 1.24             | 3.17.2         | 1.21.6        | 4.6.*              |
+|    | **v1.6.4**            | 1.26, 1.25, 1.24, 1.23       | 3.17.0         | 1.21.6        | 4.5.*              |
+|    | v1.5.1                | 1.25, 1.24, 1.23             | 3.16.2         | 1.21.6        | 4.4.*              |
+|    | v1.4.0                | 1.25, 1.24, 1.23, 1.22       | 3.16.2         | 1.19.10†      | 4.3.0              |
+|    | v1.3.1                | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2         | 1.19.10†      | 4.2.5              |
+|    | v1.3.0                | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0         | 1.19.10†      | 4.2.3              |
 
 See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable
 Ingress API.
@@ -75,6 +63,7 @@ Thanks for taking the time to join our community and start contributing!
 
 - This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md).
   By participating in this project, you agree to abide by its terms.
+
 - **Contributing**: Contributions of all kinds are welcome!
 
   - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we
@@ -83,8 +72,8 @@ Thanks for taking the time to join our community and start contributing!
   - Submit GitHub issues for any feature enhancements, bugs, or documentation problems.
     - Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**.
   - Join our [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
-- **Support**:
 
+- **Support**:
   - Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users.
   - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
   - **Discuss**: Tweet using the `#IngressNginx` hashtag or sharing with us [@IngressNginx](https://twitter.com/IngressNGINX).

SECURITY_CONTACTS

@@ -9,5 +9,6 @@
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
 # INSTRUCTIONS AT https://kubernetes.io/security/
-Gacko
+bowei
+rikatz
 strongjz

TAG

@@ -0,0 +1 @@
+v1.9.3

build/build.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # Copyright 2018 The Kubernetes Authors.
 #
@@ -25,15 +25,24 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+declare -a mandatory
+mandatory=(
+  PKG
+  ARCH
+  COMMIT_SHA
+  REPO_INFO
+  TAG
+)
 
-if [ -z "$PKG" ] || [ -z "$ARCH" ] || [ -z "$COMMIT_SHA" ] || [ -z "$REPO_INFO" ] || [ -z "$TAG" ]; then
-  echo "Environments PKG, ARCH, COMMIT_SHA, REPO_INFO and TAG are required"
-  exit 1 
-fi
-
+for var in "${mandatory[@]}"; do
+  if [[ -z "${!var:-}" ]]; then
+    echo "Environment variable $var must be set"
+    exit 1
+  fi
+done
 
 export CGO_ENABLED=0
-export GOARCH="${ARCH}"
+export GOARCH=${ARCH}
 
 TARGETS_DIR="rootfs/bin/${ARCH}"
 echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} directory."
@@ -66,4 +75,4 @@ ${GO_BUILD_CMD} \
   -X ${PKG}/version.COMMIT=${COMMIT_SHA} \
   -X ${PKG}/version.REPO=${REPO_INFO}" \
   -buildvcs=false \
-  -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown"
+  -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown"

build/dev-env.sh

@@ -64,7 +64,7 @@ echo "[dev-env] building image"
 make build image
 docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"
 
-export K8S_VERSION=${K8S_VERSION:-v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027}
+export K8S_VERSION=${K8S_VERSION:-v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f}
 
 KIND_CLUSTER_NAME="ingress-nginx-dev"
 

build/run-in-docker.sh

@@ -26,11 +26,14 @@ set -o nounset
 set -o pipefail
 
 # temporal directory for the /etc/ingress-controller directory
-if [[ "$OSTYPE" == darwin* ]]; then
+if [[ "$OSTYPE" == darwin* ]] && [[ "$RUNTIME" == podman ]]; then
   mkdir -p "tmp"
   INGRESS_VOLUME=$(pwd)/$(mktemp -d tmp/XXXXXX)
 else
   INGRESS_VOLUME=$(mktemp -d)
+  if [[ "$OSTYPE" == darwin* ]]; then
+    INGRESS_VOLUME=/private$INGRESS_VOLUME
+  fi
 fi
 
 # make sure directory for SSL cert storage exists under ingress volume
@@ -41,7 +44,7 @@ function cleanup {
 }
 trap cleanup EXIT
 
-E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441}
+E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20231011-8b53cabe0@sha256:ed0dad805c635e66469b4ac376010eebdd0b3fe62d753f58db1632d6f12f451d}
 
 if [[ "$RUNTIME" == podman ]]; then
   # Podman does not support both tag and digest
@@ -73,13 +76,18 @@ fi
 
 USER=${USER:-nobody}
 
-USE_SHELL=${USE_SHELL:-"/bin/bash"}
+#echo "..printing env & other vars to stdout"
+#echo "HOSTNAME=`hostname`"
+#uname -a
+#env
+#echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED"
+#echo "done..printing env & other vars to stdout"
 
 if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
   echo "..reached DIND check TRUE block, inside run-in-docker.sh"
   echo "FLAGS=$FLAGS"
   #go env
-  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.22.2
+  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.13.0
   find / -type f -name ginkgo 2>/dev/null
   which ginkgo
   /bin/bash -c "${FLAGS}"
@@ -92,5 +100,5 @@ else
     args="$args -v /var/run/docker.sock:/var/run/docker.sock"
   fi
 
-  ${RUNTIME} run $args ${E2E_IMAGE} ${USE_SHELL} -c "${FLAGS}"
+  ${RUNTIME} run $args ${E2E_IMAGE} /bin/bash -c "${FLAGS}"
 fi

build/run-ingress-controller.sh

@@ -49,7 +49,7 @@ fi
 SSL_VOLUME=$(mktemp -d)
 
 function cleanup {
-    echo -e "${BGREEN}Stopping kubectl proxy${NC}"
+    echo -e "${BGREEN}Stoping kubectl proxy${NC}"
     rm -rf "${SSL_VOLUME}"
     kill "$proxy_pid"
 }

changelog/Changelog-1.6.4.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.6.4
-
 Images:
 
-* registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
-* registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
-
-### All changes:
+ * registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
+ * registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
+ 
+### All Changes:
 
 * remove tests and regex path checks (#9626)
 * Fix incorrect annotation name in upstream hashing configuration (#9617)
@@ -83,7 +82,7 @@ Images:
 * ModSecurity dependencies update to avoid Memory Leaks (#9330)
 * fix(hpa): deprecated api version, bump to v2 (#9348)
 * fix(typo): pluralize provider (#9346)
-* removed deprecation message for ingressClass annotation (#9357)
+* removed deprecation messsage for ingressClass annotation (#9357)
 * added ginkgo junit reports (#9350)
 * Fix typos found by codespell (#9353)
 * bumped ginkgo to v2.5.1 in testrunner (#9340)
@@ -100,8 +99,7 @@ Images:
 * PDB: Add `maxUnavailable`. (#9278)
 * add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
 * Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
 * Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
@@ -134,5 +132,5 @@ Images:
 * Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317)
 * Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301)
 * Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.6.4

changelog/Changelog-1.7.0.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.7.0
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
+ 
+### All Changes:
 
 * kick off 1.7.0 build (#9775)
 * Update exposing-tcp-udp-services.md (#9777)
@@ -47,8 +46,7 @@ Images:
 * Fix incorrect annotation name in upstream hashing configuration (#9617)
 * Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767)
 * Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764)
 * Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766)
@@ -76,5 +74,5 @@ Images:
 * Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610)
 * Bump github.com/prometheus/client_golang (#9630)
 * Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0

changelog/Changelog-1.7.1.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.7.1
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
+ 
+### All Changes:
 
 * Update TAG - 1.7.1 (#9922)
 * Update dependabot to watch docker images (#9600)
@@ -15,7 +14,7 @@ Images:
 * Add support for --container flag (#9703)
 * Fix typo in OpenTelemetry (#9903)
 * ensure make lua-test runs locally (#9902)
-* update k8s.io dependencies to v0.26.4 (#9893)
+* update k8s.io dependecies to v0.26.4 (#9893)
 * Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)
 * I have not been able to fulfill my maintainer responsibilities for a while already, making it official now. (#9883)
 * Update k8s versions (#9879)
@@ -31,8 +30,7 @@ Images:
 * Values: Fix indention of commented values. (#9812)
 * The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912)
 * Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868)
 * Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888)
@@ -50,5 +48,5 @@ Images:
 * Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795)
 * Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794)
 * Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1

changelog/Changelog-1.8.0.md

@@ -1,28 +1,31 @@
 # Changelog
 
 ### 1.8.0
-
 Images:
 
 * registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.0@sha256:a45e41cd2b7670adf829759878f512d4208d0aec1869dae593a0fecd09a5e49e
 
-### Important changes:
+### Important Changes:
 
 * Validate path types (#9967)
 * images: upgrade to Alpine 3.18 (#9997)
 * Update documentation to reflect project name; Ingress-Nginx Controller
 
-For improving security, our 1.8.0 release includes a [new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) that limits the characters accepted  on ".spec paths.path" when pathType=Exact or athType=Prefix, to alphanumeric characters only.
-
-More information can be found on our [Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing), our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
+For improving security on our 1.8.0 release includes a 
+[new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) 
+that limits the characters accepted  on ".spec paths.path" when pathType=Exact or pathType=Prefix, 
+to alphanumeric characters only. More information can be found on our 
+[Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing)
+, our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
+or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
 
 ### Community Updates
 
 We are now posting updates and release to our twitter handle, [@IngressNginx](https://twitter.com/IngressNGINX) and
 on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
 
-### All changes:
+### All Changes:
 
 * Add legacy to OpenTelemetry migration doc (#10011)
 * changed tagsha to recent builds (#10001)
@@ -39,7 +42,7 @@ on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernet
 * Correct annotations in monitoring docs (#9976)
 * fix: avoid builds and tests for changes to markdown (#9962)
 * Validate path types (#9967)
-* HPA: Use capabilities & align manifests. (#9521)
+* HPA: Use capabilites & align manifests. (#9521)
 * Use dl.k8s.io instead of hardcoded GCS URIs (#9946)
 * add option for annotations in PodDisruptionBudget (#9843)
 * chore: update httpbin to httpbun (#9919)
@@ -61,4 +64,4 @@ on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernet
 * Bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 (#9937)
 * Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#9936)
 
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0

changelog/Changelog-1.8.1.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.8.1
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627
+ 
+### All Changes:
 
 * netlify: Only trigger preview when there are changes in docs. (#10144)
 * changed to updated baseimage and reverted tag (#10143)
@@ -49,8 +48,7 @@ Images:
 * added helmshowvalues example (#10019)
 * release controller 1.8.0 and chart 4.7.0 (#10017)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#10133)
 * Bump google.golang.org/grpc from 1.56.0 to 1.56.1 (#10134)
 * Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#10106)
@@ -65,5 +63,5 @@ Images:
 * Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#10042)
 * Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#10041)
 * Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#10005)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.0...controller-controller-v1.8.1

changelog/Changelog-1.8.2.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.8.2
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133
+ 
+### All Changes:
 
 * Release v1.8.2 and Update Go to v1.21.1 (#10379)
 * Making auth access logs optional (#10380)
@@ -16,4 +15,5 @@ Images:
 * [release-1.8] Update images tags after adding git data in gcloud (#10233)
 * [release-1.8] Golang 1.20.6 for test runner (#10231)
 
+### Dependencies updates: 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.1...controller-controller-v1.8.2

changelog/Changelog-1.9.0-beta.0.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.9.0-beta.0
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.9.0-beta.0@sha256:531377e4cc9dc62af40d742402222603259673f5a755a64d74122f256dfad8f9
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0-beta.0@sha256:60b4c95349ce2a81a3b2a76423ee483b847b89d3fa8cb148468434f606f3fa0c
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.9.0-beta.0@sha256:531377e4cc9dc62af40d742402222603259673f5a755a64d74122f256dfad8f9
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0-beta.0@sha256:60b4c95349ce2a81a3b2a76423ee483b847b89d3fa8cb148468434f606f3fa0c
+ 
+### All Changes:
 
 * Rework mage (#10418)
 * Start release of v1.9.0 beta0 (#10407)
@@ -26,7 +25,7 @@ Images:
 * Add golangci github action and replace the deprecated golint (#10187)
 * BUGFIX incorrect indentation (#10254)
 * Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
-* fix: path with special characters warning #10281 #10308 (#10330)
+* fix: path with sepecial characters warning #10281 #10308 (#10330)
 * Fix golangci-lint errors (#10196)
 * chore(build): Fix Run make dev-env syntax error (#10294)
 * Add firewall configuration to quick start documentation (#10357)
@@ -60,8 +59,7 @@ Images:
 * Deprecate and remove AJP support (#10158)
 * release notes 1.8.1 (#10161)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355)
 * Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399)
 * Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403)
@@ -91,5 +89,5 @@ Images:
 * Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192)
 * Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191)
 * Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0-beta.0

changelog/Changelog-1.9.0.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.9.0
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.9.0@sha256:c15d1a617858d90fb8f8a2dd60b0676f2bb85c54e3ed11511794b86ec30c8c60
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0@sha256:d9fa7a136de2104fb2ecfcf1666978bfab927f4a125b75c0fb471e6104366ab5
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.9.0@sha256:c15d1a617858d90fb8f8a2dd60b0676f2bb85c54e3ed11511794b86ec30c8c60
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0@sha256:d9fa7a136de2104fb2ecfcf1666978bfab927f4a125b75c0fb471e6104366ab5
+ 
+### All Changes:
 
 * Rework mage (#10418)
 * Start release of v1.9.0 beta0 (#10407)
@@ -26,7 +25,7 @@ Images:
 * Add golangci github action and replace the deprecated golint (#10187)
 * BUGFIX incorrect indentation (#10254)
 * Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
-* fix: path with special characters warning #10281 #10308 (#10330)
+* fix: path with sepecial characters warning #10281 #10308 (#10330)
 * Fix golangci-lint errors (#10196)
 * chore(build): Fix Run make dev-env syntax error (#10294)
 * Add firewall configuration to quick start documentation (#10357)
@@ -60,8 +59,7 @@ Images:
 * Deprecate and remove AJP support (#10158)
 * release notes 1.8.1 (#10161)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355)
 * Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399)
 * Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403)
@@ -91,5 +89,5 @@ Images:
 * Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192)
 * Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191)
 * Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0

changelog/Changelog-1.9.1.md

@@ -1,21 +1,19 @@
 # Changelog
 
 ### 1.9.1
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.1@sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.1@sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836
+ 
+### All Changes:
 
 * upgrade owasp modsecurity core rule set to v3.3.5 (#10437)
 * Start v1.9.1 release (#10463)
 * Accept backend protocol on any case (#10461)
 * Chart: Rework network policies. (#10438)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.0...controller-controller-v1.9.1

changelog/Changelog-1.9.3.md

@@ -1,13 +1,12 @@
 # Changelog
 
 ### 1.9.3
-
 Images:
 
-* registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.3@sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86
-
-### All changes:
+ * registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.3@sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86
+ 
+### All Changes:
 
 * update nginx base, httpbun, e2e, helm webhook cert gen (#10506)
 * added warning for configuration-snippets usage (#10492)
@@ -17,13 +16,12 @@ Images:
 * update error and otel to have all the arch we support (#10476)
 * Remove curl from nginx base image (#10477)
 
-### Dependency updates:
-
+### Dependencies updates: 
 * Bump x/net (#10514)
 * Bump curl and Go version (#10503)
 * Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#10496)
 * Bump github.com/prometheus/client_model (#10486)
 * Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#10487)
 * Bump golang.org/x/crypto from 0.13.0 to 0.14.0 (#10485)
-
+ 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.1...controller-controller-v1.9.3

changelog/Changelog-1.9.4.md

@@ -0,0 +1,13 @@
+# Changelog
+
+### 1.9.4
+Images:
+
+ * registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
+ * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
+ 
+### All Changes:
+
+* Cherry pick fcgi fix and release v1.9.4 (#10544)
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.3...controller-controller-v1.9.4

changelog/controller-1.10.0.md

@@ -1,68 +0,0 @@
-# Changelog
-
-This release is the first using NGINX v1.25.0!
-
-## Breaking changes
-* This version does not support chroot image, this will be fixed on a future minor patch release
-* This version dropped Opentracing and zipkin modules, just Opentelemetry is supported
-* This version dropped support for PodSecurityPolicy
-* This version dropped support for GeoIP (legacy). Only GeoIP2 is supported
-
-### controller-v1.10.0
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
-
-### All changes:
-
-* Start the release of v1.10.0 (#11038)
-* bump nginx and Go, remove tag file and old CI jobs (#11037)
-* Fix kubewebhook image tag (#11033)
-* add missing backend-protocol annotation option (#9545)
-* Update controller-prometheusrules.yaml (#8902)
-* Stop reporting interrupted tests (#11027)
-* test(gzip): reach ingress (#9541)
-* fix datasource, $exported_namespace variable in grafana nginx dashboard (#9092)
-* Properly support a TLS-wrapped OCSP responder (#10164)
-* Fix print-e2e-suite (#9536)
-* chore(deps): upgrade headers-more module to 0.37 (#10991)
-* Update ingress-path-matching.md (#11008)
-* Update ingress-path-matching.md (#11007)
-* E2E Tests: Explicitly enable metrics. (#10962)
-* Chart: Set `--enable-metrics` depending on `controller.metrics.enabled`. (#10959)
-* Chart: Remove useless `default` from `_params.tpl`. (#10957)
-* Fix golang makefile var name (#10932)
-* Fixing image push (#10931)
-* fix: live-docs script (#10928)
-* docs: Add vouch-proxy OAuth example (#10929)
-* Add OTEL build test and for NGINX v1.25 (#10889)
-* docs: update annotations docs with missing session-cookie section (#10917)
-* Release controller 1.9.6 and helm 4.9.1 (#10919)
-
-### Dependency updates:
-
-* Bump kubewebhook certgen (#11034)
-* Bump go libraries (#11023)
-* Bump modsecurity on nginx 1.25 (#11024)
-* Bump grpc and reintroduce OTEL compilation (#11021)
-* Bump github/codeql-action from 3.24.0 to 3.24.5 (#11017)
-* Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#11016)
-* Bump dorny/paths-filter from 3.0.0 to 3.0.1 (#10994)
-* Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (#10998)
-* Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#10978)
-* Bump actions/download-artifact from 4.1.1 to 4.1.2 (#10981)
-* Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#10979)
-* Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#10980)
-* Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#10976)
-* Bump github/codeql-action from 3.23.2 to 3.24.0 (#10971)
-* Bump github.com/opencontainers/runc from 1.1.11 to 1.1.12 (#10951)
-* Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#10938)
-* Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#10937)
-* Bump dorny/test-reporter from 1.7.0 to 1.8.0 (#10936)
-* Bump github/codeql-action from 3.23.1 to 3.23.2 (#10935)
-* Bump dorny/paths-filter from 2.11.1 to 3.0.0 (#10934)
-* Bump alpine to 3.19.1 (#10930)
-* Bump go to v1.21.6 and set a single source of truth (#10926)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.6...controller-v1.10.0

changelog/controller-1.10.1.md

@@ -1,57 +0,0 @@
-# Changelog
-
-### controller-v1.10.1
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.1@sha256:c155954116b397163c88afcb3252462771bd7867017e8a17623e83601bab7ac7
-
-### All changes:
-
-* start 1.10.1 build (#11246)
-* force nginx rebuild (#11245)
-* update k8s version to latest kind release (#11241)
-* remove _ssl_expire_time_seconds metric by identifier (#11239)
-* update post submit helm ci and clean up (#11221)
-* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
-* sort default backend hpa metrics (#11217)
-* updated certgen image shatag (#11216)
-* changed testrunner image sha (#11211)
-* bumped certgeimage tag (#11213)
-* updated baseimage & deleted a useless file (#11209)
-* bump ginkgo to 2-17-1 in testrunner (#11204)
-* chunking related faq update (#11205)
-* Fix-semver (#11199)
-* refactor helm ci tests part I (#11188)
-* Proposal: e2e tests for regex patterns (#11185)
-* bump ginkgo to v2.17.1 (#11186)
-* fixes brotli build issue (#11187)
-* fix geoip2 configuration docs (#11151)
-* Fix typos in OTel doc (#11081) (#11129)
-* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
-* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
-* Chart: Align HPA & KEDA conditions. (#11113)
-* Chart: Improve IngressClass documentation. (#11111)
-* Chart: Add Gacko to maintainers. Again. (#11112)
-* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
-* Chores: Pick patches from main. (#11103)
-
-### Dependency updates:
-
-* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
-* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
-* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
-* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
-* Bump github.com/prometheus/client_model in the all group (#11231)
-* Bump the all group with 3 updates (#11230)
-* Bump the all group with 2 updates (#11190)
-* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
-* Bump the all group with 3 updates (#11166)
-* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
-* Bump the all group with 4 updates (#11140)
-* Bump the all group with 1 update (#11136)
-* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
-* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
-* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
-

changelog/controller-1.10.2.md

@@ -1,130 +0,0 @@
-# Changelog
-
-### controller-v1.10.2
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.10.2@sha256:e3311b3d9671bc52d90572bcbfb7ee5b71c985d6d6cffd445c241f1e2703363c
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.2@sha256:c4395cba98f9721e3381d3c06e7994371bae20f5ab30e457cd7debe44a8c8c54
-
-### All changes:
-
-* update test runner to latest build (#11557)
-* add k8s 1.30 to ci build (#11553)
-* update test runner go base to 3.20 (#11550)
-* tag new test runner image with new nginx base 0.0.8 (#11549)
-* bump NGINX_BASE to v0.0.8 (#11543)
-* trigger build for NGINX-1.25 v0.0.8 (#11542)
-* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11548)
-* [feature] bump nginx to 1.25.5 and add http3 module (#11541)
-* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11534)
-* bump alpine version to 3.20 to custom-error-pages (#11537)
-* fix: Ensure changes in MatchCN annotation are detected (#11528)
-* Docs: Add information about HTTP/3 support. (#11525)
-* Docs: Specify `ingressClass` for multi-controller setup. (#11520)
-* Docs: Improve default certificate usage. (#11519)
-* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11500)
-* Update getting-started.md with new prerequisites (#11487)
-* Fix boolean configuration (#11484)
-* Chores: Align security contacts & chart maintainers to actual owners. (#11480)
-* CI: Bump forgotten Ginkgo versions. (#11469)
-* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11468)
-* Owners: Promote Gacko to admin. (#11464)
-* fixed fastcgi userguide (#11455)
-* Remove unnecessary space character (#11451)
-* fix for docs issue 11432 (#11446)
-* Update index.md (#11445)
-* upgrade to alpine 3.20 (#11438)
-* update golang to 1.22.4 (#11431)
-* Adapt dashboards for Grafana 11 compatibility (#11414)
-* Rename variable to fix typo (#11413)
-* Fix helm install on cloud provider admonition block (#11412)
-* edited helm-install tips (#11411)
-* added info for aws helm install (#11410)
-* added multiplecontrollers-howto to faq (#11409)
-* removed tlsv1 & tlsv1.1 (#11408)
-* Docs: Remove opentracing and zipkin from docs (#11405)
-* Go: Sync modules from `main`. (#11398)
-* add workflow to helm release and update ct for branch (#11317)
-* Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
-* Release Helm Chart on branch update (#11306)
-* Release controller 1.10.1 (#11298)
-* fix path in file changed detected message (#11286)
-* chore: fix function names in comment (#11281)
-* fix: update kube version requirement to 1.21 (#11279)
-* release helm chart from release branch (#11278)
-* start 1.10.1 build (#11246)
-* force nginx rebuild (#11245)
-* update k8s version to latest kind release (#11241)
-* remove _ssl_expire_time_seconds metric by identifier (#11239)
-* update post submit helm ci and clean up (#11221)
-* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
-* sort default backend hpa metrics (#11217)
-* updated certgen image shatag (#11216)
-* changed testrunner image sha (#11211)
-* bumped certgeimage tag (#11213)
-* updated baseimage & deleted a useless file (#11209)
-* bump ginkgo to 2-17-1 in testrunner (#11204)
-* chunking related faq update (#11205)
-* Fix-semver (#11199)
-* refactor helm ci tests part I (#11188)
-* Proposal: e2e tests for regex patterns (#11185)
-* bump ginkgo to v2.17.1 (#11186)
-* fixes brotli build issue (#11187)
-* fix geoip2 configuration docs (#11151)
-* Fix typos in OTel doc (#11081) (#11129)
-* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
-* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
-* Chart: Align HPA & KEDA conditions. (#11113)
-* Chart: Improve IngressClass documentation. (#11111)
-* Chart: Add Gacko to maintainers. Again. (#11112)
-* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
-* Chores: Pick patches from main. (#11103)
-* Start the release of v1.10.0 (#11038)
-
-### Dependency updates:
-
-* Bump the all group with 2 updates (#11524)
-* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11521)
-* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11501)
-* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11479)
-* Bump the all group with 3 updates (#11478)
-* Bump the all group with 2 updates (#11477)
-* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11471)
-* Bump sigs.k8s.io/controller-runtime in the all group (#11449)
-* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11447)
-* Bump the all group with 3 updates (#11450)
-* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11448)
-* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11422)
-* Bump the all group with 2 updates (#11421)
-* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11423)
-* Bump the all group across 1 directory with 6 updates (#11407)
-* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11406)
-* Bump the all group with 3 updates (#11404)
-* Bump Kubernetes version on images (#11403)
-* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11402)
-* Bump the all group with 4 updates (#11380)
-* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11301)
-* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11300)
-* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11285)
-* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11284)
-* Bump the all group with 2 updates (#11266)
-* Bump azure/setup-helm from 3.5 to 4 (#11265)
-* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11264)
-* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
-* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
-* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
-* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
-* Bump github.com/prometheus/client_model in the all group (#11231)
-* Bump the all group with 3 updates (#11230)
-* Bump the all group with 2 updates (#11190)
-* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
-* Bump the all group with 3 updates (#11166)
-* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
-* Bump the all group with 4 updates (#11140)
-* Bump the all group with 1 update (#11136)
-* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
-* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
-* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.1...controller-v1.10.2

changelog/controller-1.10.3.md

@@ -1,37 +0,0 @@
-# Changelog
-
-### controller-v1.10.3
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.10.3@sha256:b5a5082f8e508cc1aac1c0ef101dc2f87b63d51598a5747d81d6cf6e7ba058fd
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.3@sha256:9033e04bd3cd01f92414f8d5999c5095734d4caceb4923942298152a38373d4b
-
-### All changes:
-
-* Images: Trigger `controller` v1.10.3 build. (#11648)
-* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11646)
-* Images: Re-run `test-runner` build. (#11643)
-* Images: Trigger `test-runner` build. (#11639)
-* Images: Bump `NGINX_BASE` to v0.0.10. (#11637)
-* Images: Trigger NGINX build. (#11631)
-* bump testing runner (#11626)
-* remove modsecurity coreruleset test files from nginx image (#11619)
-* unskip the ocsp tests and update images to fix cfssl bug (#11615)
-* Fix indent in YAML for example pod (#11609)
-* Images: Bump `test-runner`. (#11604)
-* Images: Bump `NGINX_BASE` to v0.0.9. (#11601)
-* revert module upgrade (#11595)
-* README: Fix support matrix. (#11593)
-* Mage: Stop mutating release notes. (#11582)
-* Images: Bump `kube-webhook-certgen`. (#11583)
-
-### Dependency updates:
-
-* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11622)
-* Bump the all group with 5 updates (#11613)
-* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11579)
-* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11577)
-* Bump the all group with 4 updates (#11574)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.10.3

changelog/controller-1.10.4.md

@@ -1,53 +0,0 @@
-# Changelog
-
-### controller-v1.10.4
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.4@sha256:bf71acf6e71830a4470e2183e3bc93c4f006b954f8a05fb434242ef0f8a24858
-
-### All changes:
-
-* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11811)
-* Images: Trigger controller build. (#11808)
-* Tests & Docs: Bump images. (#11804)
-* Images: Trigger failed builds. (#11801)
-* Images: Trigger other builds. (#11797)
-* Controller: Fix panic in alternative backend merging. (#11793)
-* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11791)
-* Images: Trigger `test-runner` build. (#11786)
-* Images: Bump `NGINX_BASE` to v0.0.12. (#11783)
-* Images: Trigger NGINX build. (#11780)
-* Cloud Build: Add missing config, remove unused ones. (#11776)
-* Generate correct output on NumCPU() when using cgroups2 (#11775)
-* Cloud Build: Tweak timeouts. (#11762)
-* Cloud Build: Fix substitutions. (#11759)
-* Cloud Build: Some chores. (#11756)
-* Go: Bump to v1.22.6. (#11748)
-* Images: Bump `NGINX_BASE` to v0.0.11. (#11744)
-* Images: Trigger NGINX build. (#11736)
-* docs: update OpenSSL Roadmap link (#11734)
-* Go: Bump to v1.22.5. (#11731)
-* Docs: Fix typo in AWS LB Controller reference (#11724)
-* Perform some cleaning operations on line breaks. (#11722)
-* Missing anchors in regular expression. (#11718)
-* Docs: Fix `from-to-www` redirect description. (#11715)
-* Chart: Remove `isControllerTagValid`. (#11714)
-* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11704)
-* Docs: Clarify `from-to-www` redirect direction. (#11692)
-* added real-client-ip faq (#11665)
-* Docs: Format NGINX configuration table. (#11660)
-
-### Dependency updates:
-
-* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11772)
-* Bump the all group with 2 updates (#11770)
-* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11768)
-* Bump the all group with 3 updates (#11729)
-* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11700)
-* Bump the all group with 2 updates (#11697)
-* Bump the all group with 4 updates (#11676)
-* Bump the all group with 2 updates (#11674)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.3...controller-v1.10.4

changelog/controller-1.10.5.md

@@ -1,90 +0,0 @@
-# Changelog
-
-### controller-v1.10.5
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.10.5@sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.5@sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987
-
-### All changes:
-
-* Images: Trigger controller build. (#12133)
-* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12146)
-* Images: Trigger `e2e-test-echo` build. (#12142)
-* Images: Drop `s390x`. (#12139)
-* Images: Build `s390x` controller. (#12128)
-* Chart: Bump Kube Webhook CertGen. (#12122)
-* Tests & Docs: Bump images. (#12120)
-* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12116)
-* Images: Trigger other builds. (#12111)
-* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12104)
-* Images: Trigger `test-runner` build. (#12101)
-* Docs: Add a multi-tenant warning. (#12098)
-* Go: Bump to v1.22.8. (#12093)
-* Images: Bump `NGINX_BASE` to v0.1.0. (#12079)
-* Images: Trigger NGINX build. (#12077)
-* Images: Remove NGINX v1.21. (#12057)
-* GitHub: Improve Dependabot. (#12037)
-* Chart: Improve CI. (#12029)
-* Chart: Extend image tests. (#12026)
-* Docs: Add health check annotations for AWS. (#12021)
-* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12007)
-* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12001)
-* Chart: Align default backend `PodDisruptionBudget`. (#11998)
-* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11985)
-* Chart: Improve default backend service account. (#11973)
-* Go: Bump to v1.22.7. (#11969)
-* Images: Bump OpenTelemetry C++ Contrib. (#11950)
-* Docs: Add note about `--watch-namespace`. (#11948)
-* Images: Use latest Alpine 3.20 everywhere. (#11945)
-* Fix minor typos (#11940)
-* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11933)
-* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11920)
-* Images: Trigger `test-runner` build. (#11918)
-* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11888)
-* Annotations: Allow commas in URLs. (#11886)
-* CI: Grant checks write permissions to E2E Test Report. (#11884)
-* Update maxmind post link about geolite2 license changes (#11880)
-* Go: Sync `go.work.sum`. (#11876)
-* Replace deprecated queue method (#11858)
-* Auto-generate annotation docs (#11835)
-
-### Dependency updates:
-
-* Bump the actions group with 3 updates (#12150)
-* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12108)
-* Bump the actions group with 3 updates (#12096)
-* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12088)
-* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12086)
-* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12084)
-* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12082)
-* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12054)
-* Bump the go group across 1 directory with 3 updates (#12052)
-* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12048)
-* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12044)
-* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12045)
-* Bump the all group with 2 updates (#12035)
-* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12015)
-* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12013)
-* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12011)
-* Bump the all group with 2 updates (#11979)
-* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11978)
-* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11960)
-* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11959)
-* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11956)
-* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11929)
-* Bump the all group with 2 updates (#11924)
-* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11912)
-* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11907)
-* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11906)
-* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11905)
-* Bump the all group with 2 updates (#11870)
-* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11869)
-* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11848)
-* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11847)
-* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11846)
-* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11841)
-* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11833)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.4...controller-v1.10.5

changelog/controller-1.10.6.md

@@ -1,92 +0,0 @@
-# Changelog
-
-### controller-v1.10.6
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.10.6@sha256:b6fbd102255edb3ba8e5421feebe14fd3e94cf53d199af9e40687f536152189c
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.6@sha256:44ceedafc0e04a75521b5d472c1b6b5cc08afb8038b5bbfd79c21d066ccf300e
-
-### All changes:
-
-* Images: Trigger controller build. (#12611)
-* Chart: Bump Kube Webhook CertGen. (#12608)
-* Tests & Docs: Bump images. (#12605)
-* Images: Trigger other builds (2/2). (#12598)
-* Images: Trigger other builds (1/2). (#12597)
-* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12592)
-* Images: Trigger `test-runner` build. (#12586)
-* Images: Bump `NGINX_BASE` to v0.2.0. (#12584)
-* Images: Trigger NGINX build. (#12578)
-* Go: Clean `go.work.sum`. (#12575)
-* Repository: Update owners. (#12570)
-* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12563)
-* CI: Update KIND images. (#12559)
-* Images: Bump Alpine to v3.21. (#12530)
-* Docs: Add guide on how to set a Maintenance Page. (#12527)
-* rikatz is stepping down (#12518)
-* rikatz is stepping down (#12497)
-* Go: Bump to v1.23.4. (#12485)
-* Plugin: Bump `goreleaser` to v2. (#12442)
-* GitHub: Fix `exec` in issue template. (#12389)
-* CI: Update KIND images. (#12368)
-* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12341)
-* Go: Bump to v1.23.3. (#12339)
-* Auth TLS: Add `_` to redirect RegEx. (#12328)
-* Auth TLS: Improve redirect RegEx. (#12321)
-* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12314)
-* Images: Trigger `test-runner` build. (#12307)
-* Config: Fix panic on invalid `lua-shared-dict`. (#12282)
-* Docs: fix limit-rate-after references (#12280)
-* Chart: Rework ServiceMonitor. (#12268)
-* Chart: Add ServiceAccount tests. (#12266)
-* CI: Fix chart testing. (#12260)
-* [fix] fix nginx temp configs cleanup (#12224)
-* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12204)
-* Docs: Add Pod Security Admission. (#12198)
-* Docs: Clarify external & service port in TCP/UDP services explanation. (#12194)
-
-### Dependency updates:
-
-* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12565)
-* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12557)
-* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12552)
-* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12549)
-* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12546)
-* Bump the actions group with 2 updates (#12543)
-* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12540)
-* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12514)
-* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12511)
-* Bump the actions group with 3 updates (#12508)
-* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12504)
-* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12501)
-* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12478)
-* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12473)
-* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12466)
-* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12463)
-* Bump the go group across 1 directory with 2 updates (#12459)
-* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12425)
-* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12416)
-* Bump the go group across 3 directories with 10 updates (#12414)
-* Bump the actions group with 3 updates (#12410)
-* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12382)
-* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12375)
-* Bump golangci-lint on actions and disable deprecated linters (#12363)
-* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12356)
-* Bump the actions group with 3 updates (#12353)
-* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12351)
-* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12297)
-* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12294)
-* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12290)
-* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12275)
-* Bump the go group across 3 directories with 11 updates (#12246)
-* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12241)
-* Bump the actions group with 5 updates (#12243)
-* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12219)
-* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12215)
-* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12191)
-* Bump the go group across 2 directories with 1 update (#12189)
-* Bump the actions group with 2 updates (#12185)
-* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12184)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.5...controller-v1.10.6

changelog/controller-1.11.0.md

@@ -1,164 +0,0 @@
-# Changelog
-
-### controller-v1.11.0
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.11.0@sha256:a886e56d532d1388c77c8340261149d974370edca1093af4c97a96fb1467cb39
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.0@sha256:f16dfed1c94d216b65e5dcb7508ab46148641a99649c5a700749db6f01a7039e
-
-### All changes:
-
-* update test runner to latest build (#11558)
-* add k8s 1.30 to ci build (#11554)
-* update test runner go base to 3.20 (#11552)
-* tag new test runner image with new nginx base 0.0.8 (#11551)
-* bump NGINX_BASE to v0.0.8 (#11544)
-* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
-* trigger build for NGINX-1.25 v0.0.8 (#11539)
-* bump alpine version to 3.20 to custom-error-pages (#11538)
-* fix: Ensure changes in MatchCN annotation are detected (#11529)
-* Docs: Add information about HTTP/3 support. (#11513)
-* Docs: Specify `ingressClass` for multi-controller setup. (#11493)
-* Docs: Improve default certificate usage. (#11504)
-* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11511)
-* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11495)
-* Update getting-started.md with new prerequisites (#11486)
-* [feature] bump nginx to 1.25.5 and add http3 module (#11470)
-* Fix boolean configuration (#11483)
-* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
-* CI: Bump forgotten Ginkgo versions. (#11467)
-* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11462)
-* Owners: Promote Gacko to admin. (#11463)
-* Chart: Make pod affinity templatable. (#11453)
-* fixed fastcgi userguide (#11454)
-* Remove unnecessary space character (#11434)
-* upgrade to alpine 3.20 (#11428)
-* fix for docs issue 11432 (#11433)
-* Update index.md (#11437)
-* update golang to 1.22.4 (#11427)
-* Chart: Fix `IngressClass` annotations. (#11416)
-* Chart: Make admission webhook patch job RBAC configurable. (#11376)
-* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
-* Chart: Remove `controller.enableWorkerSerialReloads`. (#11400)
-* Adapt dashboards for Grafana 11 compatibility (#11399)
-* Rename variable to fix typo (#11395)
-* Fix helm install on cloud provider admonition block (#11394)
-* edited helm-install tips (#11393)
-* added info for aws helm install (#11390)
-* added multiplecontrollers-howto to faq (#11389)
-* removed tlsv1 & tlsv1.1 (#11343)
-* feat: Add grpc timeouts annotations (#11258)
-* sfix position of options (#11379)
-* add workflow to helm release and update ct for branch (#11378)
-* Accept user defined annotations in IngressClass (#11362)
-* Docs: Remove opentracing and zipkin from docs (#11361)
-* Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884)
-* chore(deps): group update k8s.io packages to v0.30.0 (#11344)
-* Fix function name in comment (#11296)
-* fix path in file changed detected message (#11271)
-* chore: fix function names in comment (#11280)
-* fix: update kube version requirement to 1.21 (#11275)
-* release helm chart from release branch (#11276)
-* update k8s version to latest kind release (#11240)
-* feat: add annotation to allow to add custom response headers (#9742)
-* remove _ssl_expire_time_seconds metric by identifier (#9706)
-* update post submit helm ci and clean up (#11220)
-* Chart: Add unit tests for default backend & topology spread constraints. (#11218)
-* sort default backend hpa metrics (#11215)
-* updated certgen image shatag (#11214)
-* feature(default_backend): topologySpreadConstraints on default backend (#11197)
-* bumped certgeimage tag (#11212)
-* changed testrunner image sha (#11207)
-* updated baseimage & deleted a useless file (#11208)
-* Chart: Make `controller.config` templatable. (#11181)
-* chunking related faq update (#11196)
-* bump ginkgo to 2-17-1 in testrunner (#11202)
-* Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. (#11165)
-* Fix-semver (#11193)
-* refactor helm ci tests part I (#11178)
-* fixes brotli build issue (#10484)
-* bump ginkgo to v2.17.1 (#11177)
-* Proposal: e2e tests for regex patterns (#11174)
-* Controller: Make Leader Election TTL configurable. (#11142)
-* Chores: Remove recently added whitespaces. (#11156)
-* Add GRPC Buffer Size to the Configmap (#11155)
-* fix geoip2 configuration docs (#11150)
-* feature(geoip2_autoreload): Enable GeoIP2 auto_reload config  (#11079)
-* Chart: Add IngressClass aliases. (#11109)
-* Fix typos in OTel doc (#11081)
-* Chart: Render `controller.ingressClassResource.parameters` natively. (#11108)
-* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11089)
-* Chart: Align HPA & KEDA conditions. (#11110)
-* Chart: Add Gacko to maintainers. Again. (#11107)
-* Chart: Improve IngressClass documentation. (#11104)
-* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032)
-* Undo #11062 since it breaks the nginx config (#11082)
-* [mTLS] Fix acme verification when mTLS and Client CN verification is enabled (#11062)
-* golangci-lint update, ci cleanup, group dependabot updates (#11071)
-* bump golang (#11070)
-* feature(leader_election): flag to disable leader election feature on controller (#11064)
-* docs: update the 404 link to FAQ (#11069)
-* Update README.md (#11065)
-* quotes around numbers fort ports definitions (#11052)
-
-### Dependency updates:
-
-* Bump the all group with 2 updates (#11523)
-* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11499)
-* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11497)
-* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11475)
-* Bump the all group with 3 updates (#11474)
-* Bump the all group with 2 updates (#11476)
-* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11442)
-* Bump the all group with 3 updates (#11443)
-* Bump sigs.k8s.io/controller-runtime in the all group (#11440)
-* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11444)
-* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11441)
-* Bump the all group with 2 updates (#11419)
-* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11418)
-* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11417)
-* Bump the all group across 1 directory with 3 updates (#11384)
-* Bump the all group across 1 directory with 6 updates (#11383)
-* Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#11357)
-* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11355)
-* Bump the all group with 3 updates (#11348)
-* Bump Kubernetes version on images (#11346)
-* Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.18.1 (#11345)
-* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11328)
-* Bump the all group with 4 updates (#11327)
-* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11291)
-* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11290)
-* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11282)
-* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11283)
-* Bump the all group with 2 updates (#11261)
-* Bump azure/setup-helm from 3.5 to 4 (#11263)
-* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11262)
-* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11237)
-* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11228)
-* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11227)
-* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11229)
-* Bump github.com/prometheus/client_model in the all group (#11226)
-* Bump the all group with 3 updates (#11225)
-* Bump the all group with 2 updates (#11183)
-* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11184)
-* Bump the all group with 3 updates (#11157)
-* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11159)
-* Bump the all group with 4 updates (#11133)
-* Bump the all group with 1 update (#11134)
-* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11119)
-* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11121)
-* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11120)
-* Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#11076)
-* Bump the all group with 1 update (#11073)
-* Bump the all group with 1 update (#11072)
-* Bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#11075)
-* Bump actions/download-artifact from 4.1.2 to 4.1.4 (#11059)
-* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#11055)
-* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#11057)
-* Bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#11056)
-* Bump github/codeql-action from 3.24.5 to 3.24.6 (#11060)
-* Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#11058)
-* Bump dorny/paths-filter from 3.0.1 to 3.0.2 (#11061)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.11.0

changelog/controller-1.11.1.md

@@ -1,45 +0,0 @@
-# Changelog
-
-### controller-v1.11.1
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.1@sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
-
-### All changes:
-
-* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11647)
-* Images: Re-run `test-runner` build. (#11644)
-* Images: Trigger `test-runner` build. (#11640)
-* Images: Bump `NGINX_BASE` to v0.0.10. (#11638)
-* Images: Trigger NGINX build. (#11632)
-* bump testing runner (#11627)
-* remove modsecurity coreruleset test files from nginx image (#11620)
-* unskip the ocsp tests and update images to fix cfssl bug (#11616)
-* Fix indent in YAML for example pod (#11610)
-* Images: Bump `test-runner`. (#11605)
-* Images: Bump `NGINX_BASE` to v0.0.9. (#11602)
-* revert module upgrade (#11597)
-* Release: Apply changes from `main`. (#11589)
-* Mage: Stop mutating release notes. (#11581)
-* Images: Bump `kube-webhook-certgen`. (#11584)
-* update test runner to latest build (#11558)
-* add k8s 1.30 to ci build (#11554)
-* update test runner go base to 3.20 (#11552)
-* tag new test runner image with new nginx base 0.0.8 (#11551)
-* bump NGINX_BASE to v0.0.8 (#11544)
-* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
-* trigger build for NGINX-1.25 v0.0.8 (#11539)
-* bump alpine version to 3.20 to custom-error-pages (#11538)
-* fix: Ensure changes in MatchCN annotation are detected (#11529)
-
-### Dependency updates:
-
-* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11621)
-* Bump the all group with 5 updates (#11614)
-* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11580)
-* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11576)
-* Bump the all group with 4 updates (#11575)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.11.1

changelog/controller-1.11.2.md

@@ -1,54 +0,0 @@
-# Changelog
-
-### controller-v1.11.2
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.2@sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
-
-### All changes:
-
-* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11812)
-* Images: Trigger controller build. (#11807)
-* Tests & Docs: Bump images. (#11805)
-* Images: Trigger failed builds. (#11802)
-* Images: Trigger other builds. (#11798)
-* Controller: Fix panic in alternative backend merging. (#11794)
-* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11792)
-* Images: Trigger `test-runner` build. (#11787)
-* Images: Bump `NGINX_BASE` to v0.0.12. (#11784)
-* Images: Trigger NGINX build. (#11781)
-* Cloud Build: Add missing config, remove unused ones. (#11777)
-* Generate correct output on NumCPU() when using cgroups2 (#11778)
-* Cloud Build: Tweak timeouts. (#11763)
-* Cloud Build: Fix substitutions. (#11760)
-* Cloud Build: Some chores. (#11757)
-* Go: Bump to v1.22.6. (#11749)
-* Images: Bump `NGINX_BASE` to v0.0.11. (#11743)
-* Images: Trigger NGINX build. (#11737)
-* docs: update OpenSSL Roadmap link (#11733)
-* Go: Bump to v1.22.5. (#11732)
-* Docs: Fix typo in AWS LB Controller reference (#11725)
-* Perform some cleaning operations on line breaks. (#11721)
-* Missing anchors in regular expression. (#11719)
-* Docs: Fix `from-to-www` redirect description. (#11716)
-* Chart: Remove `isControllerTagValid`. (#11713)
-* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11705)
-* Docs: Clarify `from-to-www` redirect direction. (#11693)
-* added real-client-ip faq (#11664)
-* Docs: Format NGINX configuration table. (#11662)
-* Docs: Update version in `deploy/index.md`. (#11652)
-
-### Dependency updates:
-
-* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11773)
-* Bump the all group with 2 updates (#11771)
-* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11769)
-* Bump the all group with 3 updates (#11728)
-* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11701)
-* Bump the all group with 2 updates (#11698)
-* Bump the all group with 4 updates (#11677)
-* Bump the all group with 2 updates (#11675)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.1...controller-v1.11.2

changelog/controller-1.11.3.md

@@ -1,91 +0,0 @@
-# Changelog
-
-### controller-v1.11.3
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.3@sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14
-
-### All changes:
-
-* Images: Trigger controller build. (#12134)
-* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145)
-* Images: Trigger `e2e-test-echo` build. (#12141)
-* Images: Drop `s390x`. (#12138)
-* Images: Build `s390x` controller. (#12127)
-* Chart: Bump Kube Webhook CertGen. (#12123)
-* Tests & Docs: Bump images. (#12121)
-* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117)
-* Images: Trigger other builds. (#12112)
-* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105)
-* Images: Trigger `test-runner` build. (#12102)
-* Docs: Add a multi-tenant warning. (#12099)
-* Go: Bump to v1.22.8. (#12094)
-* Images: Bump `NGINX_BASE` to v0.1.0. (#12080)
-* Images: Trigger NGINX build. (#12076)
-* Images: Remove NGINX v1.21. (#12058)
-* GitHub: Improve Dependabot. (#12038)
-* Chart: Improve CI. (#12030)
-* Chart: Extend image tests. (#12027)
-* Docs: Add health check annotations for AWS. (#12020)
-* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006)
-* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002)
-* Chart: Align default backend `PodDisruptionBudget`. (#11999)
-* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986)
-* Chart: Improve default backend service account. (#11974)
-* Go: Bump to v1.22.7. (#11970)
-* Images: Bump OpenTelemetry C++ Contrib. (#11951)
-* Docs: Add note about `--watch-namespace`. (#11949)
-* Images: Use latest Alpine 3.20 everywhere. (#11946)
-* Fix minor typos (#11941)
-* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934)
-* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921)
-* Images: Trigger `test-runner` build. (#11917)
-* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889)
-* Annotations: Allow commas in URLs. (#11887)
-* CI: Grant checks write permissions to E2E Test Report. (#11885)
-* Chart: Use generic values for `ConfigMap` test. (#11879)
-* Update maxmind post link about geolite2 license changes (#11881)
-* Go: Sync `go.work.sum`. (#11875)
-* Replace deprecated queue method (#11859)
-* Auto-generate annotation docs (#11831)
-
-### Dependency updates:
-
-* Bump the actions group with 3 updates (#12149)
-* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109)
-* Bump the actions group with 3 updates (#12097)
-* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089)
-* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087)
-* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085)
-* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083)
-* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055)
-* Bump the go group across 1 directory with 3 updates (#12053)
-* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049)
-* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047)
-* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046)
-* Bump the all group with 2 updates (#12036)
-* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016)
-* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014)
-* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012)
-* Bump the all group with 2 updates (#11981)
-* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980)
-* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961)
-* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958)
-* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957)
-* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930)
-* Bump the all group with 2 updates (#11925)
-* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913)
-* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910)
-* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909)
-* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908)
-* Bump the all group with 2 updates (#11871)
-* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868)
-* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840)
-* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839)
-* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837)
-* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836)
-* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.2...controller-v1.11.3

changelog/controller-1.11.4.md

@@ -1,94 +0,0 @@
-# Changelog
-
-### controller-v1.11.4
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:981a97d78bee3109c0b149946c07989f8f1478a9265031d2d23dea839ba05b52
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.4@sha256:f29d0f9e7a9ef4947eda59ed0c09ec13380b13639d1518cf1ab8ec09c3e22ef8
-
-### All changes:
-
-* Images: Trigger controller build. (#12610)
-* Chart: Bump Kube Webhook CertGen. (#12607)
-* Tests & Docs: Bump images. (#12604)
-* Images: Trigger other builds (2/2). (#12600)
-* Images: Trigger other builds (1/2). (#12596)
-* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12591)
-* Images: Trigger `test-runner` build. (#12588)
-* Images: Bump `NGINX_BASE` to v0.2.0. (#12583)
-* Images: Trigger NGINX build. (#12577)
-* Go: Clean `go.work.sum`. (#12574)
-* Repository: Update owners. (#12569)
-* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12562)
-* CI: Update KIND images. (#12558)
-* Images: Bump Alpine to v3.21. (#12529)
-* Docs: Add guide on how to set a Maintenance Page. (#12526)
-* rikatz is stepping down (#12517)
-* rikatz is stepping down (#12495)
-* Go: Bump to v1.23.4. (#12484)
-* Plugin: Bump `goreleaser` to v2. (#12441)
-* GitHub: Fix `exec` in issue template. (#12388)
-* CI: Update KIND images. (#12365)
-* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12343)
-* Go: Bump to v1.23.3. (#12338)
-* Auth TLS: Add `_` to redirect RegEx. (#12327)
-* Auth TLS: Improve redirect RegEx. (#12322)
-* Update custom headers annotation documentation (#12319)
-* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12313)
-* Images: Trigger `test-runner` build. (#12306)
-* Config: Fix panic on invalid `lua-shared-dict`. (#12284)
-* Docs: fix limit-rate-after references (#12279)
-* Chart: Rework ServiceMonitor. (#12270)
-* Chart: Add ServiceAccount tests. (#12264)
-* CI: Fix chart testing. (#12259)
-* [fix] fix nginx temp configs cleanup (#12223)
-* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12203)
-* Docs: Add Pod Security Admission. (#12197)
-* Docs: Clarify external & service port in TCP/UDP services explanation. (#12193)
-* Docs: Goodbye, v1.10. (#12159)
-
-### Dependency updates:
-
-* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12567)
-* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12556)
-* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12551)
-* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12548)
-* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12545)
-* Bump the actions group with 2 updates (#12542)
-* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12539)
-* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12513)
-* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12510)
-* Bump the actions group with 3 updates (#12507)
-* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12503)
-* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12500)
-* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12477)
-* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12475)
-* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12465)
-* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12462)
-* Bump the go group across 1 directory with 2 updates (#12458)
-* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12427)
-* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12417)
-* Bump the go group across 3 directories with 10 updates (#12415)
-* Bump the actions group with 3 updates (#12411)
-* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12381)
-* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12374)
-* Bump golangci-lint on actions and disable deprecated linters (#12362)
-* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12355)
-* Bump the actions group with 3 updates (#12352)
-* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12350)
-* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12298)
-* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12295)
-* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12289)
-* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12274)
-* Bump the go group across 3 directories with 11 updates (#12245)
-* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12239)
-* Bump the actions group with 5 updates (#12240)
-* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12220)
-* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12216)
-* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12190)
-* Bump the go group across 2 directories with 1 update (#12187)
-* Bump the actions group with 2 updates (#12181)
-* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12179)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.3...controller-v1.11.4

changelog/controller-1.12.0-beta.0.md

@@ -1,216 +0,0 @@
-# Changelog
-
-### controller-v1.12.0-beta.0
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.12.0-beta.0@sha256:9724476b928967173d501040631b23ba07f47073999e80e34b120e8db5f234d5
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0-beta.0@sha256:6e2f8f52e1f2571ff65bc4fc4826d5282d5def5835ec4ab433dcb8e659b2fbac
-
-### All changes:
-
-* Images: Trigger controller build. (#12154)
-* ⚠️ Metrics: Disable by default. (#12153) ⚠️
-
-  This changes the default of the following CLI arguments:
-
-  * `--enable-metrics` gets disabled by default.
-
-* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
-* Images: Trigger `e2e-test-echo` build. (#12140)
-* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
-
-  Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
-
-* Images: Build `s390x` controller. (#12126)
-* Chart: Bump Kube Webhook CertGen. (#12119)
-* Tests & Docs: Bump images. (#12118)
-* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
-* Images: Trigger other builds. (#12110)
-* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
-* Images: Trigger `test-runner` build. (#12100)
-* Docs: Add a multi-tenant warning. (#12091)
-* Go: Bump to v1.22.8. (#12069)
-* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
-* Images: Trigger NGINX build. (#12063)
-* Images: Remove NGINX v1.21. (#12031)
-* Chart: Add `controller.metrics.service.enabled`. (#12056)
-* GitHub: Improve Dependabot. (#12033)
-* Chart: Add `global.image.registry`. (#12028)
-* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
-
-  OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
-
-* Chart: Improve CI. (#12003)
-* Chart: Extend image tests. (#12025)
-* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
-* Docs: Add health check annotations for AWS. (#12018)
-* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
-* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
-* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
-* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
-* Chart: Align default backend `PodDisruptionBudget`. (#11993)
-* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
-* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
-
-  This removes Pod Security Policies and related resources from the chart.
-
-* Chart: Improve default backend service account. (#11972)
-* Go: Bump to v1.22.7. (#11943)
-* NGINX: Remove inline Lua from template. (#11806)
-* Images: Bump OpenTelemetry C++ Contrib. (#11629)
-* Docs: Add note about `--watch-namespace`. (#11947)
-* Images: Use latest Alpine 3.20 everywhere. (#11944)
-* Fix minor typos (#11935)
-* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
-* Allow any protocol for cors origins (#11153)
-* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
-* Images: Trigger `test-runner` build. (#11916)
-* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
-* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
-* Annotations: Allow commas in URLs. (#11882)
-* CI: Grant checks write permissions to E2E Test Report. (#11862)
-* Chart: Use generic values for `ConfigMap` test. (#11877)
-* Security: Follow-up on recent changes. (#11874)
-* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
-* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
-* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
-* Update maxmind post link about geolite2 license changes (#11861)
-* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
-
-  This removes the following configuration options:
-
-  * `global-rate-limit-memcached-host`
-  * `global-rate-limit-memcached-port`
-  * `global-rate-limit-memcached-connect-timeout`
-  * `global-rate-limit-memcached-max-idle-timeout`
-  * `global-rate-limit-memcached-pool-size`
-  * `global-rate-limit-status-code`
-
-  It also removes the following annotations:
-
-  * `global-rate-limit`
-  * `global-rate-limit-window`
-  * `global-rate-limit-key`
-  * `global-rate-limit-ignored-cidrs`
-
-* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
-* Add custom code handling for temporal redirect (#10651)
-* Add native histogram support for histogram metrics (#9971)
-* Replace deprecated queue method (#11853)
-* ⚠️ Enable security features by default (#11819) ⚠️
-
-  This changes the default of the following CLI arguments:
-
-  * `--enable-annotation-validation` gets enabled by default.
-
-  It also changes the default of the following configuration options:
-
-  * `allow-cross-namespace-resources` gets disabled by default.
-  * `annotations-risk-level` gets lowered to "High" by default.
-  * `strict-validate-path-type` gets enabled by default.
-
-* docs: Add deployment for AWS NLB Proxy. (#9565)
-* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
-
-  This removes the following configuration options:
-
-  * `plugins`
-
-  It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
-
-* Auto-generate annotation docs (#11820)
-* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
-
-  This metric has already been deprecated and is now getting removed.
-
-* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
-* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
-* Tests & Docs: Bump images. (#11803)
-* Images: Trigger failed builds. (#11800)
-* Images: Trigger other builds. (#11796)
-* Controller: Fix panic in alternative backend merging. (#11789)
-* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
-* Images: Trigger `test-runner` build. (#11785)
-* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
-* Images: Trigger NGINX build. (#11779)
-* Cloud Build: Add missing config, remove unused ones. (#11774)
-* Cloud Build: Tweak timeouts. (#11761)
-* Cloud Build: Fix substitutions. (#11758)
-* Cloud Build: Some chores. (#11633)
-* Go: Bump to v1.22.6. (#11747)
-* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
-* Images: Trigger NGINX build. (#11735)
-* docs: update OpenSSL Roadmap link (#11730)
-* Go: Bump to v1.22.5. (#11634)
-* Docs: Fix typo in AWS LB Controller reference (#11723)
-* Perform some cleaning operations on line breaks. (#11720)
-* Missing anchors in regular expression. (#11717)
-* Docs: Fix `from-to-www` redirect description. (#11712)
-* Chart: Remove `isControllerTagValid`. (#11710)
-* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
-* Chart: Explicitly set `runAsGroup`. (#11679)
-* Docs: Clarify `from-to-www` redirect direction. (#11682)
-* added real-client-ip faq (#11663)
-* Docs: Format NGINX configuration table. (#11659)
-* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
-* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
-* Images: Trigger `test-runner` build. (#11636)
-* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
-* remove modsecurity coreruleset test files from nginx image (#11617)
-* unskip the ocsp tests and update images to fix cfssl bug (#11606)
-* Fix indent in YAML for example pod (#11598)
-* Images: Bump `test-runner`. (#11600)
-* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
-* revert module upgrade (#11594)
-* README: Fix support matrix. (#11586)
-* Repository: Add changelogs from `release-v1.10`. (#11587)
-
-### Dependency updates:
-
-* Bump the actions group with 3 updates (#12152)
-* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
-* Bump the actions group with 3 updates (#12092)
-* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
-* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
-* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
-* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
-* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
-* Bump the go group across 1 directory with 3 updates (#12050)
-* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
-* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
-* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
-* Bump the all group with 2 updates (#12032)
-* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
-* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
-* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
-* Bump the all group with 2 updates (#11977)
-* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
-* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
-* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
-* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
-* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
-* Bump the all group with 2 updates (#11922)
-* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
-* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
-* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
-* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
-* Bump the all group with 2 updates (#11865)
-* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
-* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
-* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
-* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
-* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
-* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
-* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
-* Bump the all group with 2 updates (#11767)
-* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
-* Bump the all group with 3 updates (#11727)
-* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
-* Bump the all group with 2 updates (#11695)
-* Bump the all group with 4 updates (#11673)
-* Bump the all group with 2 updates (#11672)
-* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
-* Bump the all group with 5 updates (#11611)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0-beta.0

changelog/controller-1.12.0.md

@@ -1,294 +0,0 @@
-# Changelog
-
-### controller-v1.12.0
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0@sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3
-
-### All changes:
-
-* Images: Trigger controller build. (#12609)
-* Chart: Bump Kube Webhook CertGen. (#12606)
-* Tests & Docs: Bump images. (#12603)
-* Images: Trigger other builds (2/2). (#12599)
-* Images: Trigger other builds (1/2). (#12595)
-* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12590)
-* Images: Trigger `test-runner` build. (#12587)
-* Images: Bump `NGINX_BASE` to v1.1.0. (#12582)
-* Images: Trigger NGINX build. (#12579)
-* Go: Clean `go.work.sum`. (#12573)
-* Repository: Update owners. (#12568)
-* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12561)
-* CI: Update KIND images. (#12560)
-* Images: Bump Alpine to v3.21. (#12528)
-* Docs: Add guide on how to set a Maintenance Page. (#12525)
-* rikatz is stepping down (#12516)
-* rikatz is stepping down (#12494)
-* Go: Bump to v1.23.4. (#12483)
-* Plugin: Bump `goreleaser` to v2. (#12440)
-* GitHub: Fix `exec` in issue template. (#12387)
-* CI: Update KIND images. (#12367)
-* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12342)
-* Go: Bump to v1.23.3. (#12337)
-* Auth TLS: Add `_` to redirect RegEx. (#12326)
-* Auth TLS: Improve redirect RegEx. (#12323)
-* Update custom headers annotation documentation (#12318)
-* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12312)
-* Docs: Add CPU usage note for `--metrics-per-undefined-host`. (#12310)
-* Images: Trigger `test-runner` build. (#12308)
-* Config: Fix panic on invalid `lua-shared-dict`. (#12283)
-* Docs: fix limit-rate-after references (#12278)
-* Chart: Rework ServiceMonitor. (#12269)
-* Chart: Add ServiceAccount tests. (#12263)
-* CI: Fix chart testing. (#12258)
-* [fix] fix nginx temp configs cleanup (#12225)
-* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12202)
-* Docs: Add Pod Security Admission. (#12195)
-* Docs: Clarify external & service port in TCP/UDP services explanation. (#12192)
-* Images: Trigger controller build. (#12154)
-* ⚠️ Metrics: Disable by default. (#12153) ⚠️
-
-  This changes the default of the following CLI arguments:
-
-  * `--enable-metrics` gets disabled by default.
-
-* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
-* Images: Trigger `e2e-test-echo` build. (#12140)
-* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
-
-  Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
-
-* Images: Build `s390x` controller. (#12126)
-* Chart: Bump Kube Webhook CertGen. (#12119)
-* Tests & Docs: Bump images. (#12118)
-* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
-* Images: Trigger other builds. (#12110)
-* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
-* Images: Trigger `test-runner` build. (#12100)
-* Docs: Add a multi-tenant warning. (#12091)
-* Go: Bump to v1.22.8. (#12069)
-* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
-* Images: Trigger NGINX build. (#12063)
-* Images: Remove NGINX v1.21. (#12031)
-* Chart: Add `controller.metrics.service.enabled`. (#12056)
-* GitHub: Improve Dependabot. (#12033)
-* Chart: Add `global.image.registry`. (#12028)
-* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
-
-  OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
-
-* Chart: Improve CI. (#12003)
-* Chart: Extend image tests. (#12025)
-* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
-* Docs: Add health check annotations for AWS. (#12018)
-* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
-* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
-* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
-* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
-* Chart: Align default backend `PodDisruptionBudget`. (#11993)
-* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
-* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
-
-  This removes Pod Security Policies and related resources from the chart.
-
-* Chart: Improve default backend service account. (#11972)
-* Go: Bump to v1.22.7. (#11943)
-* NGINX: Remove inline Lua from template. (#11806)
-* Images: Bump OpenTelemetry C++ Contrib. (#11629)
-* Docs: Add note about `--watch-namespace`. (#11947)
-* Images: Use latest Alpine 3.20 everywhere. (#11944)
-* Fix minor typos (#11935)
-* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
-* Allow any protocol for cors origins (#11153)
-* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
-* Images: Trigger `test-runner` build. (#11916)
-* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
-* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
-* Annotations: Allow commas in URLs. (#11882)
-* CI: Grant checks write permissions to E2E Test Report. (#11862)
-* Chart: Use generic values for `ConfigMap` test. (#11877)
-* Security: Follow-up on recent changes. (#11874)
-* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
-* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
-* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
-* Update maxmind post link about geolite2 license changes (#11861)
-* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
-
-  This removes the following configuration options:
-
-  * `global-rate-limit-memcached-host`
-  * `global-rate-limit-memcached-port`
-  * `global-rate-limit-memcached-connect-timeout`
-  * `global-rate-limit-memcached-max-idle-timeout`
-  * `global-rate-limit-memcached-pool-size`
-  * `global-rate-limit-status-code`
-
-  It also removes the following annotations:
-
-  * `global-rate-limit`
-  * `global-rate-limit-window`
-  * `global-rate-limit-key`
-  * `global-rate-limit-ignored-cidrs`
-
-* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
-* Add custom code handling for temporal redirect (#10651)
-* Add native histogram support for histogram metrics (#9971)
-* Replace deprecated queue method (#11853)
-* ⚠️ Enable security features by default (#11819) ⚠️
-
-  This changes the default of the following CLI arguments:
-
-  * `--enable-annotation-validation` gets enabled by default.
-
-  It also changes the default of the following configuration options:
-
-  * `allow-cross-namespace-resources` gets disabled by default.
-  * `annotations-risk-level` gets lowered to "High" by default.
-  * `strict-validate-path-type` gets enabled by default.
-
-* docs: Add deployment for AWS NLB Proxy. (#9565)
-* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
-
-  This removes the following configuration options:
-
-  * `plugins`
-
-  It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
-
-* Auto-generate annotation docs (#11820)
-* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
-
-  This metric has already been deprecated and is now getting removed.
-
-* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
-* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
-* Tests & Docs: Bump images. (#11803)
-* Images: Trigger failed builds. (#11800)
-* Images: Trigger other builds. (#11796)
-* Controller: Fix panic in alternative backend merging. (#11789)
-* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
-* Images: Trigger `test-runner` build. (#11785)
-* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
-* Images: Trigger NGINX build. (#11779)
-* Cloud Build: Add missing config, remove unused ones. (#11774)
-* Cloud Build: Tweak timeouts. (#11761)
-* Cloud Build: Fix substitutions. (#11758)
-* Cloud Build: Some chores. (#11633)
-* Go: Bump to v1.22.6. (#11747)
-* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
-* Images: Trigger NGINX build. (#11735)
-* docs: update OpenSSL Roadmap link (#11730)
-* Go: Bump to v1.22.5. (#11634)
-* Docs: Fix typo in AWS LB Controller reference (#11723)
-* Perform some cleaning operations on line breaks. (#11720)
-* Missing anchors in regular expression. (#11717)
-* Docs: Fix `from-to-www` redirect description. (#11712)
-* Chart: Remove `isControllerTagValid`. (#11710)
-* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
-* Chart: Explicitly set `runAsGroup`. (#11679)
-* Docs: Clarify `from-to-www` redirect direction. (#11682)
-* added real-client-ip faq (#11663)
-* Docs: Format NGINX configuration table. (#11659)
-* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
-* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
-* Images: Trigger `test-runner` build. (#11636)
-* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
-* remove modsecurity coreruleset test files from nginx image (#11617)
-* unskip the ocsp tests and update images to fix cfssl bug (#11606)
-* Fix indent in YAML for example pod (#11598)
-* Images: Bump `test-runner`. (#11600)
-* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
-* revert module upgrade (#11594)
-* README: Fix support matrix. (#11586)
-* Repository: Add changelogs from `release-v1.10`. (#11587)
-
-### Dependency updates:
-
-* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12566)
-* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12555)
-* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12550)
-* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12547)
-* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12544)
-* Bump the actions group with 2 updates (#12541)
-* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12538)
-* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12512)
-* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12509)
-* Bump the actions group with 3 updates (#12506)
-* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12505)
-* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12502)
-* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12476)
-* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12472)
-* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12464)
-* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12461)
-* Bump the go group across 1 directory with 2 updates (#12460)
-* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12426)
-* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12418)
-* Bump the go group across 3 directories with 10 updates (#12413)
-* Bump the actions group with 3 updates (#12412)
-* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12380)
-* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12373)
-* Bump golangci-lint on actions and disable deprecated linters (#12361)
-* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12357)
-* Bump the actions group with 3 updates (#12354)
-* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12349)
-* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12299)
-* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12296)
-* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12288)
-* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12273)
-* Bump the go group across 3 directories with 11 updates (#12244)
-* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12242)
-* Bump the actions group with 5 updates (#12236)
-* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12218)
-* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12217)
-* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12188)
-* Bump the go group across 2 directories with 1 update (#12186)
-* Bump the actions group with 2 updates (#12180)
-* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12178)
-* Bump the actions group with 3 updates (#12152)
-* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
-* Bump the actions group with 3 updates (#12092)
-* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
-* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
-* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
-* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
-* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
-* Bump the go group across 1 directory with 3 updates (#12050)
-* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
-* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
-* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
-* Bump the all group with 2 updates (#12032)
-* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
-* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
-* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
-* Bump the all group with 2 updates (#11977)
-* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
-* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
-* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
-* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
-* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
-* Bump the all group with 2 updates (#11922)
-* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
-* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
-* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
-* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
-* Bump the all group with 2 updates (#11865)
-* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
-* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
-* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
-* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
-* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
-* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
-* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
-* Bump the all group with 2 updates (#11767)
-* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
-* Bump the all group with 3 updates (#11727)
-* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
-* Bump the all group with 2 updates (#11695)
-* Bump the all group with 4 updates (#11673)
-* Bump the all group with 2 updates (#11672)
-* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
-* Bump the all group with 5 updates (#11611)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0

changelog/controller-1.9.4.md

@@ -1,14 +0,0 @@
-# Changelog
-
-### 1.9.4
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
-
-### All changes:
-
-* Cherry pick fcgi fix and release v1.9.4 (#10544)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.3...controller-controller-v1.9.4

changelog/controller-1.9.5.md

@@ -1,37 +0,0 @@
-# Changelog
-
-### controller-v1.9.5
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.5@sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d
-
-### All changes:
-
-* update nginx build (#10781)
-* update images from golang upgrade (#10762)
-* fix: remove tcpproxy copy error handling (#10715)
-* Ignore fake certificate for NGINXCertificateExpiry (#10694)
-* Comment NGINXCertificateExpiry alert label matcher (#10692)
-* chart: allow setting allocateLoadBalancerNodePorts (#10693)
-* [release-1.9] feat(helm): add documentation about metric args (#10695)
-* chore(dep): change lua-resty-cookie's repo (#10691)
-* annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric (#10656)
-* fix: adjust unfulfillable validation check for session-cookie-samesite annotation (#10604)
-* fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture (#10603)
-* Increase HSTS max-age to default to one year (#10580)
-* [release-1.9] update nginx base, httpbun, e2e, helm webhook cert gen (#10507)
-* [release-1.9] add upstream patch for CVE-2023-44487 (#10499)
-* fix brotli build issues (#10468)
-* upgrade owasp modsecurity core rule set to v3.3.5 (#10437)
-* Accept backend protocol on any case (#10461)
-* Chart: Rework network policies. (#10438)
-* Rework mage (#10418)
-
-### Dependency updates:
-
-* Bump x/net (#10517)
-* Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.4...controller-v1.9.5

changelog/controller-1.9.6.md

@@ -1,21 +0,0 @@
-# Changelog
-
-### controller-v1.9.6
-
-Images:
-
-* registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
-* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.6@sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
-
-### All changes:
-
-* update web hook cert gen to latest release v20231226-1a7112e06
-* annotation validation: validate regex in common name annotation (#10880)
-* change MODSECURITY_VERSION_LIB to 3.0.11 (#10879)
-* Include SECLEVEL and STRENGTH as part of ssl-cipher list validation (#10871)
-
-### Dependency updates:
-
-* Bump github.com/opencontainers/runc from 1.1.10 to 1.1.11 (#10878)
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.5...controller-v1.9.6

changelog/controller.md.gotmpl

@@ -1,22 +0,0 @@
-# Changelog
-
-### {{ .NewControllerVersion }}
-{{ with .ControllerImages }}
-Images:
-{{ range . }}
-* {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }}
-{{- end }}
-{{ end }}
-{{- with .Updates }}
-### All changes:
-{{ range . }}
-* {{ . }}
-{{- end }}
-{{ end }}
-{{- with .DepUpdates }}
-### Dependency updates:
-{{ range . }}
-* {{ . }}
-{{- end }}
-{{ end }}
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/{{ .PreviousControllerVersion }}...{{ .NewControllerVersion }}

charts/ingress-nginx/.helmignore

@@ -20,4 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
-__snapshot__

charts/ingress-nginx/CHANGELOG.md

@@ -0,0 +1,460 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.4.0
+
+* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238
+* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186
+* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133
+* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123
+
+### 4.3.0 
+- Support for Kubernetes v.1.25.0 was added and support for endpoint slices
+- Support for Kubernetes v1.20.0 and v1.21.0 was removed
+- [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices
+- [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191
+- [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name
+- [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations
+
+### 4.2.1
+
+- The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1
+- "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today"
+
+### 4.2.0
+
+- Support for Kubernetes v1.19.0 was removed
+- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0"
+- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name"
+- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1"
+- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16"
+- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process"
+- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix"
+- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check"
+- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16"
+- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0"
+- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process"
+- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable"
+- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15"
+- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2"
+- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format"
+- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API"
+- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide"
+- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs"
+- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14"
+- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0"
+- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5"
+- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement"
+- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver"
+- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step"
+- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha"
+- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path"
+- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases"
+- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds"
+- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps"
+- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)"
+- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard"
+- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0"
+- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2"
+- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos"
+- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it"
+- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0"
+- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0"
+- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3"
+- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1"
+
+### 4.1.2
+
+- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed"
+- "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter"
+- "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart"
+
+### 4.1.0
+
+- "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script"
+- "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6"
+- "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod"
+- "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty"
+- "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector"
+- "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies"
+- "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md"
+- "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing"
+- "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist"
+- "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one"
+- "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement"
+- "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation"
+- "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0"
+
+### 4.0.18
+
+- "[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build"
+- "[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build"
+- "[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge"
+- "[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241"
+- "[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts"
+- "[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error"
+- "[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation"
+- "[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric"
+- "[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code."
+- "[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image"
+- "[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests"
+- "[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint"
+- "[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1"
+- "[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0"
+- "[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint"
+- "[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial"
+- "[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera"
+- "[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment"
+- "[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation"
+- "[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell"
+- "[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor"
+- "[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations"
+- "[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0"
+- "[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account"
+- "[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description"
+- "[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests"
+- "[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values"
+- "[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1"
+- "[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs"
+- "[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits"
+- "[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations"
+- "[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT"
+
+
+### 4.0.15
+
+- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120    Update go in runner and release v1.1.1
+- [8119] https://github.com/kubernetes/ingress-nginx/pull/8119    Update to go v1.17.6
+- [8118] https://github.com/kubernetes/ingress-nginx/pull/8118    Remove deprecated libraries, update other libs
+- [8117] https://github.com/kubernetes/ingress-nginx/pull/8117    Fix codegen errors
+- [8115] https://github.com/kubernetes/ingress-nginx/pull/8115    chart/ghaction: set the correct permission to have access to push a release
+- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098    generating SHA for CA only certs in backend_ssl.go + comparison of P…
+- [8088] https://github.com/kubernetes/ingress-nginx/pull/8088    Fix Edit this page link to use main branch
+- [8072] https://github.com/kubernetes/ingress-nginx/pull/8072    Expose GeoIP2 Continent code as variable
+- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061    docs(charts): using helm-docs for chart
+- [8058] https://github.com/kubernetes/ingress-nginx/pull/8058    Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
+- [8054] https://github.com/kubernetes/ingress-nginx/pull/8054    Bump google.golang.org/grpc from 1.41.0 to 1.43.0
+- [8051] https://github.com/kubernetes/ingress-nginx/pull/8051    align bug report with feature request regarding kind documentation
+- [8046] https://github.com/kubernetes/ingress-nginx/pull/8046    Report expired certificates (#8045)
+- [8044] https://github.com/kubernetes/ingress-nginx/pull/8044    remove G109 check till gosec resolves issues
+- [8042] https://github.com/kubernetes/ingress-nginx/pull/8042    docs_multiple_instances_one_cluster_ticket_7543
+- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041    docs: fix typo'd executable name
+- [8035] https://github.com/kubernetes/ingress-nginx/pull/8035    Comment busy owners
+- [8029] https://github.com/kubernetes/ingress-nginx/pull/8029    Add stream-snippet as a ConfigMap and Annotation option
+- [8023] https://github.com/kubernetes/ingress-nginx/pull/8023    fix nginx compilation flags
+- [8021] https://github.com/kubernetes/ingress-nginx/pull/8021    Disable default modsecurity_rules_file if modsecurity-snippet is specified
+- [8019] https://github.com/kubernetes/ingress-nginx/pull/8019    Revise main documentation page
+- [8018] https://github.com/kubernetes/ingress-nginx/pull/8018    Preserve order of plugin invocation
+- [8015] https://github.com/kubernetes/ingress-nginx/pull/8015    Add newline indenting to admission webhook annotations
+- [8014] https://github.com/kubernetes/ingress-nginx/pull/8014    Add link to example error page manifest in docs
+- [8009] https://github.com/kubernetes/ingress-nginx/pull/8009    Fix spelling in documentation and top-level files
+- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008    Add relabelings in controller-servicemonitor.yaml
+- [8003] https://github.com/kubernetes/ingress-nginx/pull/8003    Minor improvements (formatting, consistency) in install guide
+- [8001] https://github.com/kubernetes/ingress-nginx/pull/8001    fix: go-grpc Dockerfile
+- [7999] https://github.com/kubernetes/ingress-nginx/pull/7999    images: use k8s-staging-test-infra/gcb-docker-gcloud
+- [7996] https://github.com/kubernetes/ingress-nginx/pull/7996    doc: improvement
+- [7983] https://github.com/kubernetes/ingress-nginx/pull/7983    Fix a couple of misspellings in the annotations documentation.
+- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979    allow set annotations for admission Jobs
+- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977    Add ssl_reject_handshake to default server
+- [7975] https://github.com/kubernetes/ingress-nginx/pull/7975    add legacy version update v0.50.0 to main changelog
+- [7972] https://github.com/kubernetes/ingress-nginx/pull/7972    updated service upstream definition
+
+### 4.0.14
+
+- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md
+
+### 4.0.13
+
+- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml
+
+### 4.0.12
+
+- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs
+
+### 4.0.11
+
+- [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional.
+
+### 4.0.10
+
+- [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0
+
+### 4.0.9
+
+- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources
+
+### 4.0.7
+
+- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx
+- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service
+
+### 4.0.6
+
+- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx
+- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart
+- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode
+- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1
+
+### 4.0.5
+
+- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx
+
+### 4.0.3
+
+- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx
+
+### 4.0.2
+
+- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx
+
+### 4.0.1
+
+- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx
+
+### 3.34.0
+
+- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
+
+### 3.33.0
+
+- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
+
+### 3.32.0
+
+- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
+
+### 3.31.0
+
+- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
+
+### 3.30.0
+
+- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
+
+### 3.29.0
+
+- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
+
+### 3.28.0
+
+- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
+
+### 3.27.0
+
+- Update ingress-nginx v0.45.0
+
+### 3.26.0
+
+- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
+
+### 3.25.0
+
+- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
+
+### 3.24.0
+
+- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
+
+### 3.23.0
+
+- Update ingress-nginx v0.44.0
+
+### 3.22.0
+
+- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
+- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
+
+### 3.21.0
+
+- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
+- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
+- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
+- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
+
+### 3.20.1
+
+- Do not create KEDA in case of DaemonSets.
+- Fix KEDA v2 definition
+
+### 3.20.0
+
+- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
+
+### 3.19.0
+
+- Update ingress-nginx v0.43.0
+
+### 3.18.0
+
+- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
+- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
+
+### 3.17.0
+
+- Update ingress-nginx v0.42.0
+
+### 3.16.1
+
+- Fix chart-releaser action
+
+### 3.16.0
+
+- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
+
+### 3.15.1
+
+- Fix chart-releaser action
+
+### 3.15.0
+
+- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
+
+### 3.14.0
+
+- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
+
+### 3.13.0
+
+- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
+
+### 3.12.0
+
+- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
+
+### 3.11.1
+
+- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
+
+### 3.11.0
+
+- Support Keda Autoscaling
+
+### 3.10.1
+
+- Fix regression introduced in 0.41.0 with external authentication
+
+### 3.10.0
+
+- Fix routing regression introduced in 0.41.0 with PathType Exact
+
+### 3.9.0
+
+- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
+
+### 3.8.0
+
+- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
+- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
+- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
+- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
+- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
+
+### 3.7.1
+
+- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
+
+### 3.7.0
+
+- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
+
+### 3.6.0
+
+- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
+
+### 3.5.1
+
+- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
+
+### 3.5.0
+
+- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
+
+### 3.4.0
+
+- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
+
+### 3.3.1
+
+- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
+- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
+- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
+
+### 3.3.1
+
+- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
+
+### 3.3.0
+
+- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
+- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
+- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
+- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
+
+### 3.0.0
+
+- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
+
+### 2.16.0
+
+- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
+
+### 2.15.0
+
+- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
+
+### 2.14.0
+
+- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
+
+### 2.12.1
+
+- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
+
+### 2.12.0
+
+- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
+- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
+
+### 2.11.3
+
+- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
+
+### 2.11.2
+
+- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
+
+### 2.11.1
+
+- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
+
+### 2.11.0
+
+- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
+- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
+
+### 2.10.0
+
+- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
+
+### 2.9.1
+
+- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
+
+### 2.9.0
+
+- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
+
+
+### TODO
+
+Keep building the changelog using *git log charts* checking the tag

charts/ingress-nginx/Chart.yaml

@@ -1,10 +1,9 @@
 annotations:
-  artifacthub.io/changes: |
-    - 'CI: Fix chart testing. (#12258)'
-    - Update Ingress-Nginx version controller-v1.12.0
+  artifacthub.io/changes: |-
+     - "Update Ingress-Nginx version controller-v1.9.4"
   artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 1.12.0
+appVersion: 1.9.4
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
   load balancer
 home: https://github.com/kubernetes/ingress-nginx
@@ -12,13 +11,12 @@ icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/5
 keywords:
 - ingress
 - nginx
-kubeVersion: '>=1.21.0-0'
+kubeVersion: '>=1.20.0-0'
 maintainers:
-- name: cpanato
-- name: Gacko
+- name: rikatz
 - name: strongjz
 - name: tao12345666333
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.12.0
+version: 4.8.3

charts/ingress-nginx/OWNERS

@@ -1,4 +1,10 @@
-# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
+# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+
+approvers:
+- ingress-nginx-helm-maintainers
+
+reviewers:
+- ingress-nginx-helm-reviewers
 
 labels:
 - area/helm

charts/ingress-nginx/README.md

@@ -2,7 +2,7 @@
 
 [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
 
-![Version: 4.12.0](https://img.shields.io/badge/Version-4.12.0-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square)
+![Version: 4.8.3](https://img.shields.io/badge/Version-4.8.3-informational?style=flat-square) ![AppVersion: 1.9.4](https://img.shields.io/badge/AppVersion-1.9.4-informational?style=flat-square)
 
 To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
 
@@ -10,7 +10,7 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber
 
 ## Requirements
 
-Kubernetes: `>=1.21.0-0`
+Kubernetes: `>=1.20.0-0`
 
 ## Get Repo Info
 
@@ -229,24 +229,6 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
 
 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
 
-### Pod Security Admission
-
-You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
-
-Example:
-
-```yaml
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ingress-nginx
-  labels:
-    kubernetes.io/metadata.name: ingress-nginx
-    name: ingress-nginx
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/enforce-version: v1.31
-```
-
 ## Values
 
 | Key | Type | Default | Description |
@@ -258,38 +240,32 @@ metadata:
 | controller.admissionWebhooks.certManager.enabled | bool | `false` |  |
 | controller.admissionWebhooks.certManager.rootCert.duration | string | `""` |  |
 | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` |  |
-| controller.admissionWebhooks.createSecretJob.name | string | `"create"` |  |
 | controller.admissionWebhooks.createSecretJob.resources | object | `{}` |  |
-| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
+| controller.admissionWebhooks.createSecretJob.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | controller.admissionWebhooks.enabled | bool | `true` |  |
+| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one |
 | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
 | controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use |
 | controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` |  |
 | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
-| controller.admissionWebhooks.name | string | `"admission"` |  |
 | controller.admissionWebhooks.namespaceSelector | object | `{}` |  |
 | controller.admissionWebhooks.objectSelector | object | `{}` |  |
 | controller.admissionWebhooks.patch.enabled | bool | `true` |  |
-| controller.admissionWebhooks.patch.image.digest | string | `"sha256:0de05718b59dc33b57ddfb4d8ad5f637cefd13eafdec0e1579d782b3483c27c3"` |  |
+| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"` |  |
 | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` |  |
 | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
-| controller.admissionWebhooks.patch.image.tag | string | `"v1.5.1"` |  |
+| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` |  |
+| controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` |  |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
-| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
 | controller.admissionWebhooks.patch.podAnnotations | object | `{}` |  |
 | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
-| controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
-| controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
-| controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
-| controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
-| controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
-| controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
-| controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
+| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` |  |
+| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` |  |
+| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` |  |
 | controller.admissionWebhooks.patch.tolerations | list | `[]` |  |
-| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` |  |
 | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` |  |
-| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
+| controller.admissionWebhooks.patchWebhookJob.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | controller.admissionWebhooks.port | int | `8443` |  |
 | controller.admissionWebhooks.service.annotations | object | `{}` |  |
 | controller.admissionWebhooks.service.externalIPs | list | `[]` |  |
@@ -307,27 +283,25 @@ metadata:
 | controller.autoscaling.targetCPUUtilizationPercentage | int | `50` |  |
 | controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` |  |
 | controller.autoscalingTemplate | list | `[]` |  |
-| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
+| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
 | controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
 | controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
 | controller.containerName | string | `"controller"` | Configures the controller container name |
 | controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
-| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
 | controller.customTemplate.configMapKey | string | `""` |  |
 | controller.customTemplate.configMapName | string | `""` |  |
-| controller.disableLeaderElection | bool | `false` | This configuration disable Nginx Controller Leader Election |
 | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
 | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
 | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
-| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
-| controller.enableAnnotationValidations | bool | `true` |  |
+| controller.enableAnnotationValidations | bool | `false` |  |
 | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
 | controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false |
+| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one |
 | controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use |
 | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
 | controller.extraEnvs | list | `[]` | Additional environment variables to set |
 | controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
-| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. |
+| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module |
 | controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
 | controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
 | controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
@@ -338,28 +312,22 @@ metadata:
 | controller.hostPort.ports.http | int | `80` | 'hostPort' http port |
 | controller.hostPort.ports.https | int | `443` | 'hostPort' https port |
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
-| controller.image.allowPrivilegeEscalation | bool | `false` |  |
+| controller.image.allowPrivilegeEscalation | bool | `true` |  |
 | controller.image.chroot | bool | `false` |  |
-| controller.image.digest | string | `"sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa"` |  |
-| controller.image.digestChroot | string | `"sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3"` |  |
+| controller.image.digest | string | `"sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"` |  |
+| controller.image.digestChroot | string | `"sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26"` |  |
 | controller.image.image | string | `"ingress-nginx/controller"` |  |
 | controller.image.pullPolicy | string | `"IfNotPresent"` |  |
-| controller.image.readOnlyRootFilesystem | bool | `false` |  |
-| controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
-| controller.image.runAsNonRoot | bool | `true` |  |
-| controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
-| controller.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| controller.image.tag | string | `"v1.12.0"` |  |
+| controller.image.registry | string | `"registry.k8s.io"` |  |
+| controller.image.runAsUser | int | `101` |  |
+| controller.image.tag | string | `"v1.9.4"` |  |
 | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
 | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
-| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
-| controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
-| controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
-| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
-| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
-| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
-| controller.ingressClassResource.name | string | `"nginx"` | Name of the IngressClass |
-| controller.ingressClassResource.parameters | object | `{}` | A link to a custom resource containing additional configuration for the controller. This is optional if the controller consuming this IngressClass does not require additional parameters. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
+| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
+| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster |
+| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not |
+| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass |
+| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. |
 | controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` |  |
 | controller.keda.behavior | object | `{}` |  |
 | controller.keda.cooldownPeriod | int | `300` |  |
@@ -381,45 +349,40 @@ metadata:
 | controller.livenessProbe.periodSeconds | int | `10` |  |
 | controller.livenessProbe.successThreshold | int | `1` |  |
 | controller.livenessProbe.timeoutSeconds | int | `1` |  |
-| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ |
+| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases |
 | controller.metrics.enabled | bool | `false` |  |
 | controller.metrics.port | int | `10254` |  |
 | controller.metrics.portName | string | `"metrics"` |  |
 | controller.metrics.prometheusRule.additionalLabels | object | `{}` |  |
-| controller.metrics.prometheusRule.annotations | object | `{}` | Annotations to be added to the PrometheusRule. |
 | controller.metrics.prometheusRule.enabled | bool | `false` |  |
 | controller.metrics.prometheusRule.rules | list | `[]` |  |
 | controller.metrics.service.annotations | object | `{}` |  |
-| controller.metrics.service.enabled | bool | `true` | Enable the metrics service or not. |
 | controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
 | controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource |
 | controller.metrics.service.loadBalancerSourceRanges | list | `[]` |  |
 | controller.metrics.service.servicePort | int | `10254` |  |
 | controller.metrics.service.type | string | `"ClusterIP"` |  |
 | controller.metrics.serviceMonitor.additionalLabels | object | `{}` |  |
-| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. |
 | controller.metrics.serviceMonitor.enabled | bool | `false` |  |
-| controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on number of labels that will be accepted for a sample. |
-| controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on length of labels name that will be accepted for a sample. |
-| controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on length of labels value that will be accepted for a sample. |
 | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` |  |
 | controller.metrics.serviceMonitor.namespace | string | `""` |  |
 | controller.metrics.serviceMonitor.namespaceSelector | object | `{}` |  |
 | controller.metrics.serviceMonitor.relabelings | list | `[]` |  |
-| controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. |
 | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` |  |
 | controller.metrics.serviceMonitor.targetLabels | list | `[]` |  |
-| controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. |
 | controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
 | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
 | controller.name | string | `"controller"` |  |
 | controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
+| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
+| controller.opentelemetry.enabled | bool | `false` |  |
+| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` |  |
+| controller.opentelemetry.resources | object | `{}` |  |
 | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
 | controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
-| controller.podSecurityContext | object | `{}` | Security context for controller pods |
+| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods |
 | controller.priorityClassName | string | `""` |  |
-| controller.progressDeadlineSeconds | int | `0` | Specifies the number of seconds you want to wait for the controller deployment to progress before the system reports back that it has failed. Ref.: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds |
 | controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
 | controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
 | controller.publishService.enabled | bool | `true` | Enable 'publishService' or not |
@@ -439,58 +402,36 @@ metadata:
 | controller.scope.enabled | bool | `false` | Enable 'scope' or not |
 | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
 | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
-| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
-| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
-| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
-| controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
-| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
-| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
-| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
-| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
-| controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. |
-| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
-| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
-| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
-| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
-| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
-| controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
-| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
-| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
-| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
-| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
-| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
-| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. |
-| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
-| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
-| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
-| controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
-| controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
-| controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp:   8080: 30080 |
-| controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp:   53: 30053 |
-| controller.service.internal.ports | object | `{}` |  |
-| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
-| controller.service.internal.targetPorts | object | `{}` |  |
-| controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
-| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
-| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
-| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
-| controller.service.labels | object | `{}` | Labels to be added to both controller services. |
-| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
-| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
-| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
-| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
-| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
-| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp:   8080: 30080 |
-| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp:   53: 30053 |
-| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. |
-| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. |
-| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
-| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
-| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
-| controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
-| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
+| controller.service.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. |
+| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # |
+| controller.service.enableHttp | bool | `true` |  |
+| controller.service.enableHttps | bool | `true` |  |
+| controller.service.enabled | bool | `true` |  |
+| controller.service.external.enabled | bool | `true` |  |
+| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
+| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. |
+| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
+| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. |
+| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
+| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service |
+| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service |
+| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
+| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
+| controller.service.labels | object | `{}` |  |
+| controller.service.loadBalancerClass | string | `""` | Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
+| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
+| controller.service.loadBalancerSourceRanges | list | `[]` |  |
+| controller.service.nodePorts.http | string | `""` |  |
+| controller.service.nodePorts.https | string | `""` |  |
+| controller.service.nodePorts.tcp | object | `{}` |  |
+| controller.service.nodePorts.udp | object | `{}` |  |
+| controller.service.ports.http | int | `80` |  |
+| controller.service.ports.https | int | `443` |  |
+| controller.service.targetPorts.http | string | `"http"` |  |
+| controller.service.targetPorts.https | string | `"https"` |  |
+| controller.service.type | string | `"LoadBalancer"` |  |
 | controller.shareProcessNamespace | bool | `false` |  |
-| controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
+| controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls |
 | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |
 | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) |
 | controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # |
@@ -498,20 +439,19 @@ metadata:
 | controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # |
 | controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap |
 | controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
-| controller.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
 | controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
 | controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
-| defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
+| defaultBackend.affinity | object | `{}` |  |
 | defaultBackend.autoscaling.annotations | object | `{}` |  |
 | defaultBackend.autoscaling.enabled | bool | `false` |  |
 | defaultBackend.autoscaling.maxReplicas | int | `2` |  |
 | defaultBackend.autoscaling.minReplicas | int | `1` |  |
 | defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` |  |
 | defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` |  |
-| defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers |
+| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # |
 | defaultBackend.enabled | bool | `false` |  |
+| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one |
 | defaultBackend.extraArgs | object | `{}` |  |
-| defaultBackend.extraConfigMaps | list | `[]` |  |
 | defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods |
 | defaultBackend.extraVolumeMounts | list | `[]` |  |
 | defaultBackend.extraVolumes | list | `[]` |  |
@@ -519,10 +459,9 @@ metadata:
 | defaultBackend.image.image | string | `"defaultbackend-amd64"` |  |
 | defaultBackend.image.pullPolicy | string | `"IfNotPresent"` |  |
 | defaultBackend.image.readOnlyRootFilesystem | bool | `true` |  |
-| defaultBackend.image.runAsGroup | int | `65534` |  |
+| defaultBackend.image.registry | string | `"registry.k8s.io"` |  |
 | defaultBackend.image.runAsNonRoot | bool | `true` |  |
 | defaultBackend.image.runAsUser | int | `65534` |  |
-| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | defaultBackend.image.tag | string | `"1.5"` |  |
 | defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources |
 | defaultBackend.livenessProbe.failureThreshold | int | `3` |  |
@@ -530,14 +469,14 @@ metadata:
 | defaultBackend.livenessProbe.periodSeconds | int | `10` |  |
 | defaultBackend.livenessProbe.successThreshold | int | `1` |  |
 | defaultBackend.livenessProbe.timeoutSeconds | int | `5` |  |
-| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
+| defaultBackend.minAvailable | int | `1` |  |
 | defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
 | defaultBackend.name | string | `"defaultbackend"` |  |
 | defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
 | defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # |
 | defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata |
-| defaultBackend.podSecurityContext | object | `{}` | Security context for default backend pods |
+| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # |
 | defaultBackend.port | int | `8080` |  |
 | defaultBackend.priorityClassName | string | `""` |  |
 | defaultBackend.readinessProbe.failureThreshold | int | `6` |  |
@@ -548,7 +487,6 @@ metadata:
 | defaultBackend.replicaCount | int | `1` |  |
 | defaultBackend.resources | object | `{}` |  |
 | defaultBackend.service.annotations | object | `{}` |  |
-| defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
 | defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
 | defaultBackend.service.loadBalancerSourceRanges | list | `[]` |  |
 | defaultBackend.service.servicePort | int | `80` |  |
@@ -557,13 +495,11 @@ metadata:
 | defaultBackend.serviceAccount.create | bool | `true` |  |
 | defaultBackend.serviceAccount.name | string | `""` |  |
 | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
-| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
-| defaultBackend.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
 | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
 | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
-| global.image.registry | string | `"registry.k8s.io"` | Registry host to pull images from. |
 | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
 | namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
+| podSecurityPolicy.enabled | bool | `false` |  |
 | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
 | rbac.create | bool | `true` |  |
 | rbac.scope | bool | `false` |  |

charts/ingress-nginx/README.md.gotmpl

@@ -226,22 +226,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
 
 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
 
-### Pod Security Admission
-
-You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
-
-Example:
-
-```yaml
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ingress-nginx
-  labels:
-    kubernetes.io/metadata.name: ingress-nginx
-    name: ingress-nginx
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/enforce-version: v1.31
-```
-
 {{ template "chart.valuesSection" . }}

charts/ingress-nginx/changelog.md.gotmpl

@@ -2,10 +2,8 @@
 
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 
-### {{ .NewHelmChartVersion }}
+### {{  .NewHelmChartVersion }}
 {{ with .HelmUpdates }}
-{{- range . }}
-* {{ . }}
-{{- end }}
-{{ end }}
+{{ range . }}* {{ . }}
+{{ end }}{{ end }}
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-{{ .PreviousHelmChartVersion }}...helm-chart-{{ .NewHelmChartVersion }}

charts/ingress-nginx/changelog/Changelog-4.7.0.md

@@ -6,7 +6,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
 
 * helm: Fix opentelemetry module installation for daemonset (#9792)
 * Update charts/* to keep project name display aligned (#9931)
-* HPA: Use capabilities & align manifests. (#9521)
+* HPA: Use capabilites & align manifests. (#9521)
 * PodDisruptionBudget spec logic update (#9904)
 * add option for annotations in PodDisruptionBudget (#9843)
 * Update Ingress-Nginx version controller-v1.8.0

charts/ingress-nginx/changelog/Changelog-4.8.2.md

@@ -4,7 +4,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
 
 ### 4.8.2
 
-* update nginx base, httpbun, e2e, helm webhook cert gen (#10506)
-* Update Ingress-Nginx version controller-v1.9.3
+* - "update nginx base, httpbun, e2e, helm webhook cert gen (#10506)"
+* - "Update Ingress-Nginx version controller-v1.9.3"
 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.1...helm-chart-4.8.2

charts/ingress-nginx/changelog/Changelog-4.8.3.md

@@ -3,7 +3,6 @@
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 
 ### 4.8.3
-
 * Update Ingress-Nginx version controller-v1.9.4
 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.2...helm-chart-4.8.3

charts/ingress-nginx/changelog/helm-chart-2.10.0.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.10.0
-
-* [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.1...ingress-nginx-2.10.0

charts/ingress-nginx/changelog/helm-chart-2.11.0.md

@@ -1,10 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.11.0
-
-* [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
-* [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.10.0...ingress-nginx-2.11.0

charts/ingress-nginx/changelog/helm-chart-2.11.1.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.11.1
-
-* [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.0...ingress-nginx-2.11.1

charts/ingress-nginx/changelog/helm-chart-2.11.2.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.11.2
-
-* [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.1...ingress-nginx-2.11.2

charts/ingress-nginx/changelog/helm-chart-2.11.3.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.11.3
-
-* [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.2...ingress-nginx-2.11.3

charts/ingress-nginx/changelog/helm-chart-2.12.0.md

@@ -1,10 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.12.0
-
-* [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
-* [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.3...ingress-nginx-2.12.0

charts/ingress-nginx/changelog/helm-chart-2.12.1.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.12.1
-
-* [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.0...ingress-nginx-2.12.1

charts/ingress-nginx/changelog/helm-chart-2.13.0.md

@@ -1,10 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.13.0
-
-* [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
-* [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.1...ingress-nginx-2.13.0

charts/ingress-nginx/changelog/helm-chart-2.14.0.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.14.0
-
-* [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.13.0...ingress-nginx-2.14.0

charts/ingress-nginx/changelog/helm-chart-2.15.0.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.15.0
-
-* [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.14.0...ingress-nginx-2.15.0

charts/ingress-nginx/changelog/helm-chart-2.16.0.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.16.0
-
-* [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.15.0...ingress-nginx-2.16.0

charts/ingress-nginx/changelog/helm-chart-2.9.0.md

@@ -1,9 +0,0 @@
-# Changelog
-
-This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
-
-### 2.9.0
-
-* [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
-
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-TODO...ingress-nginx-2.9.0